---
name: coinbase-wallet
agent: any
description: Generic skill for integrating Coinbase agentic wallet flows into an AI agent system (real USDC/ETH operations with safety guardrails).
---

# Coinbase Wallet Skill (Public Template)

Use this as a starter skill manifest for agent platforms.

## Purpose
Enable an agent to safely perform real wallet operations:
- Check wallet auth/status
- Check balances (USDC/ETH)
- Send funds with strict policy controls
- (Optional) Pay machine-to-machine services

## Use When / Don't Use When

| Use This Skill | Don't Use This Skill |
|---|---|
| You need real on-chain payment flows | You only need fake/test credits |
| You need wallet status/balance checks | You don't have secure secret handling |
| You need transaction traces and auditability | You can't enforce spending limits |

## Prerequisites
1. Coinbase wallet tooling installed (CLI or SDK)
2. Secure secrets management for auth/session artifacts
3. Explicit spending policy limits
4. Human override/escalation path

## Recommended Guardrails (start conservative)
- Per-transaction limit: **$10-$25**
- Per-session cap: **$50-$100**
- Allowlist recipients/domains when possible
- Require explicit confirmation for every transfer
- Block ambiguous recipient input

## Minimum Command Surface
Expose these actions to your agent:

1. `status`
   - Returns auth state, chain, wallet address
2. `balance`
   - Returns USDC/ETH balances
3. `send(amount, asset, recipient)`
   - Sends funds after policy checks
4. `address`
   - Returns public wallet address

## Example UX Contract
Before any send:
1. Restate amount + asset + recipient
2. Validate against guardrails
3. Require explicit confirmation
4. Execute and return tx hash

## Error Handling Rules
- Never retry sends blindly
- Surface actionable failures (insufficient funds, invalid address, auth expired)
- On auth expiry, re-run login/verify flow before continuing
- Log tx hash + timestamp + intent for every success

## Suggested Skill API (Pseudo)
```ts
getStatus(): Promise<{ authenticated: boolean; address?: string; chain?: string }>
getBalance(): Promise<{ usdc: string; eth: string }>
getAddress(): Promise<string>
send(input: { amount: string; asset: 'USDC'|'ETH'; to: string }): Promise<{ txHash: string }>
```

## Security Notes
- Treat every transaction as irreversible.
- Never expose private keys in model context.
- Keep signing in secure runtime boundaries.
- Maintain audit logs outside model memory.

## Deployment Checklist
- [ ] Limits configured
- [ ] Recipient validation in place
- [ ] Human confirmation step enabled
- [ ] Structured transaction logging enabled
- [ ] Failure alerts configured

---