feat: proposal for OWS wallet plugin

[kevarifin14]

Problem

Agent plugins expect private keys via environment variables (`EVM_PRIVATE_KEY`, `SOLANA_PRIVATE_KEY`). These sit in `.env` files, shell history, CI logs, and Docker build layers.

Proposal

Add an OWS wallet plugin/skill that loads keys from an OWS encrypted vault instead of env vars. Keys encrypted at rest (AES-256-GCM, scrypt KDF), decrypted only during signing.

// Before
const key = process.env.EVM_PRIVATE_KEY;

// After
import { exportWallet } from "@open-wallet-standard/core";
const key = exportWallet("my-agent-wallet");

Multi-chain support: EVM, Solana, Sui, Bitcoin, Cosmos, Tron, TON — all from one vault.

Greptile Summary

This PR adds a single markdown file (packages/skills/ows_proposal.md) proposing an OWS (Open Wallet Standard) wallet skill that would load private keys from an encrypted local vault instead of plain-text environment variables.\n\nThe change is not ready to merge in its current form for several reasons:\n\n- Wrong path & filename: The skill loader scans packages/skills/skills/<name>/SKILL.md. A file placed at the package root with a _proposal.md suffix is never discovered and has no runtime effect.\n- Missing YAML frontmatter: The skill format requires a frontmatter block with at minimum name and description; this file has none, so even if relocated it would be rejected by the loader.\n- Stub content: The body is 9 lines and only references an external URL. No installation steps, no code examples, no workflow, and no guardrails are provided — everything detailed in the PR description is absent from the actual file.\n- Proposal vs. implementation: If this is purely a design proposal, the packages/skills/ directory is the wrong venue; a GitHub Discussion or docs/ entry would be more appropriate.

Confidence Score: 1/5

Not safe to merge — the file is structurally invalid as a skill and adds no functional value to the codebase in its current form.

The single changed file is misplaced (package root instead of skills/<name>/SKILL.md), missing mandatory YAML frontmatter, and contains only a 9-line stub with no agent-actionable instructions. It cannot be loaded by the skill system as-is, and a pure proposal document does not belong in a runtime package.

packages/skills/ows_proposal.md — needs to be relocated, given proper frontmatter, and filled with a complete workflow before it can function as a skill.

Important Files Changed

Filename	Overview
packages/skills/ows_proposal.md	Adds a 9-line stub proposal for an OWS wallet skill; wrong location, missing YAML frontmatter, and no actionable agent instructions — will not be loaded by the skill system as-is.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Agent needs private key] --> B{Key source?}
    B -- "Current (env vars)" --> C["process.env.EVM_PRIVATE_KEY"]
    B -- "Proposed (OWS vault)" --> D["exportWallet('my-agent-wallet')"]
    D --> E[OWS encrypted vault\nAES-256-GCM / scrypt KDF]
    E --> F[Decrypt key in-memory\nonly during signing]
    F --> G[Sign transaction]
    C --> G
    G --> H[Broadcast to chain\nEVM / Solana / Sui / etc.]

    style E fill:#f9f,stroke:#333
    style D fill:#bbf,stroke:#333

Loading

_{Reviews (1): Last reviewed commit: "feat: proposal for OWS wallet plugin" | Re-trigger Greptile}

Greptile also left 3 inline comments on this PR.

_{(3/5) Reply to the agent's comments like "Can you suggest a fix for this @greptileai?" or ask follow-up questions!}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: af3624f6-8fc8-4de1-a764-3f846f5d7a48

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Wrong location and filename for a skill

All skills in this package live under packages/skills/skills/<skill-name>/SKILL.md (e.g. skills/1password/SKILL.md, skills/crow/SKILL.md). This file is placed at the package root with a _proposal.md suffix, which means the skill loader (loadSkillsFromDir) will never discover it and it will have no effect at runtime.

If this is meant to be an actual skill, it should be moved to packages/skills/skills/ows/SKILL.md. If it is only a design proposal, it does not belong in packages/skills/ at all — a GitHub Discussion, issue, or docs/ entry would be a more appropriate home.

[greptile-apps]

Missing required YAML frontmatter

Every skill in this package must begin with a YAML frontmatter block. The README.md documents the required fields (name, description) and optional fields (primary-env, required-bins, required-env, etc.). Without this block the skill loader will reject the file.

A minimal valid header for this skill would look like:

---
name: ows
description: Load EVM, Solana, and other chain private keys from an OWS encrypted vault instead of plain-text environment variables.
homepage: https://openwallet.sh
primary-env: node
required-bins:
  - node
---

[greptile-apps]

Stub content — no actionable instructions for the agent

Compare with the existing skills (e.g. skills/1password/SKILL.md or skills/crow/SKILL.md): each skill provides a full workflow, concrete commands/code examples, guardrails, and references. This file has 9 lines and only links to an external website.

The PR description already contains richer content (installation snippet, exportWallet call, multi-chain list, encryption details) — none of that made it into the file. For the skill to be usable, the body should include at minimum:

• Installation steps (npm install @open-wallet-standard/core or equivalent)
• Vault creation / key import workflow
• Example code for reading a key at signing time
• Guardrails (never log raw keys, vault backup, passphrase rotation)