ClawHubCN
@kerimatalayturkish-dotcom

Engine miner Wallet

OpenClaw-installable Taproot-first wallet scaffold for Engine miner.

Download plugin View Git source
Current version
v0.1.0
code-pluginCommunitysource-linked

Engine miner OpenClaw Wallet Plugin

Purpose: local scaffold for an OpenClaw-installable, Taproot-first wallet plugin for Engine miner.

This package is intentionally a scaffold.

What exists now:

  • native OpenClaw plugin package structure
  • openclaw.plugin.json manifest
  • installable runtime entry at index.js
  • Windows DPAPI-backed secret storage when no passphrase is supplied
  • explicit passphrase-encrypted keystore fallback for non-Windows or portable setups
  • BIP86 Taproot payout-address derivation
  • human-only admin entrypoint for wallet initialization and inspection
  • placeholder claim tools that expose the intended claim-first interface
  • standalone companion skill prepared for separate ClawHub publishing

What does not exist yet:

  • secure keystore integration
  • PSBT construction or signing
  • Engine miner API integration
  • Alkanes claim transaction validation
  • Bitcoin broadcast integration

Folder Layout

engine-miner-wallet/
  admin.js
  package.json
  openclaw.plugin.json
  index.js
  lib/
    keystore.js
    taproot.js
    wallet-core.js
  README.md
  SECURITY.md

Current Tool Surface

  • engine_miner_wallet_status
  • engine_miner_wallet_get_payout_address
  • engine_miner_wallet_sign_registration_challenge
  • engine_miner_wallet_list_claimable_rewards
  • engine_miner_wallet_prepare_claim
  • engine_miner_wallet_sign_prepared_claim
  • engine_miner_wallet_broadcast_prepared_claim

The wallet status, payout-address, and registration-signing tools are real.

The claim tools still return scaffold metadata only.

Registration signing details:

  • signs with the same BIP86 Taproot identity key as the payout address
  • canonical payload includes challenge, expiry, optional domain, network, address, x-only pubkey, and derivation path
  • payload is hashed with the tag EngineMinerRegistrationChallenge/v1
  • signature format is BIP340 Schnorr in hex encoding

Bitcoin and Alkanes boundary:

  • this wallet is still a Bitcoin wallet at the custody and signing layer
  • it can be used for Alkanes flows because Alkanes actions settle through Bitcoin transactions rather than a separate chain wallet

Human-Only Admin Command

The keystore and Taproot layer is initialized through the local admin command, not the agent tool surface.

Examples:

npm install
node .\admin.js init --network mainnet
node .\admin.js status
node .\admin.js address

Portable encrypted-file mode:

node .\admin.js init --network signet --passphrase "choose-a-strong-passphrase"
node .\admin.js address --passphrase "choose-a-strong-passphrase"

Runtime environment variables:

  • ENGINE_MINER_WALLET_STATE_DIR overrides the wallet storage directory
  • ENGINE_MINER_WALLET_PASSPHRASE unlocks encrypted-file keystores for admin commands or OpenClaw runtime use

Windows behavior:

  • if no passphrase is supplied, the mnemonic is stored with DPAPI-backed PowerShell SecureString encryption for the current user
  • this is machine-and-user bound, which is appropriate for a local OpenClaw agent host

Non-Windows behavior:

  • use a passphrase-backed encrypted keystore file until a native OS secret-store adapter is added

Local Install Shape

This package is structured so it can be installed into OpenClaw as a local plugin package.

It is also prepared for ClawHub code-plugin publishing under the package name @kerimatalayturkish-dotcom/engine-miner-openclaw-wallet.

Typical local install flow:

openclaw plugins install "C:\path\to\engine-miner-openclaw-wallet"

ClawHub publish flow:

clawhub login
clawhub whoami
npm pack
$tgz = (Resolve-Path ".\kerimatalayturkish-dotcom-engine-miner-openclaw-wallet-0.1.0.tgz").Path
clawhub package publish "$tgz" --family code-plugin --owner kerimatalayturkish-dotcom --source-repo kerimatalayturkish-dotcom/engine-miner-openclaw-wallet --source-commit YOUR_COMMIT_SHA --source-ref main --dry-run
clawhub package publish "$tgz" --family code-plugin --owner kerimatalayturkish-dotcom --source-repo kerimatalayturkish-dotcom/engine-miner-openclaw-wallet --source-commit YOUR_COMMIT_SHA --source-ref main --clawscan-note "Taproot-first Engine miner wallet plugin. Stores secrets locally with DPAPI on Windows or passphrase-encrypted fallback. Refuses arbitrary sends and only exposes narrow Engine miner registration and claim flows."

Windows note:

  • if clawhub package publish <folder> fails with spawnSync npm ENOENT, publish the packed .tgz artifact instead
  • this avoids the Windows folder-packaging path that tries to spawn npm internally
  • ClawHub may also require explicit source provenance for code plugins; for this repo, pass --source-repo, --source-commit, and --source-ref
  • on this Windows shell, clawhub accepted the tarball only when passed as an absolute path resolved through Resolve-Path

Companion standalone skill publish flow:

clawhub skill publish ".\skills\engine-miner-wallet" --owner kerimatalayturkish-dotcom --slug engine-miner-wallet --version 0.1.0

Then enable it in ~/.openclaw/openclaw.json:

{
  "plugins": {
    "entries": {
      "engine-miner-wallet": {
        "enabled": true,
        "config": {
          "network": "mainnet",
          "policyMode": "claim_only",
          "walletStateDir": "C:\\Users\\yasha\\.engine-miner-wallet",
          "engineMinerApiUrl": "https://example.com/api",
          "alkanesProviderUrl": "https://mainnet.subfrost.io/v4/jsonrpc",
          "requireBroadcastConfirmation": true,
          "maxFeeSats": 5000
        }
      }
    }
  }
}

Restart the gateway after installation.

ClawHub Security Posture

This package has been tightened for a safer ClawHub install experience:

  • scoped package name matches the intended publisher handle: @kerimatalayturkish-dotcom/...
  • required OpenClaw compatibility metadata is present in package.json
  • packaged files are restricted through the files allowlist
  • mnemonic export is not exposed through the agent tool surface
  • arbitrary send-anywhere wallet actions are not exposed
  • registration and claim flows are constrained by purpose and policy

See ./SECURITY.md for the end-user security checklist and publish guidance.

Why The Scaffold Is Claim-First

Engine miner agents should not receive a generic send-anywhere Bitcoin wallet.

This package is designed to become:

  • Taproot-first
  • claim-focused
  • safe enough for OpenClaw agents
  • Engine miner-specific rather than a universal wallet

Next Implementation Steps

  1. add claim receipt verification
  2. add PSBT validation and signing
  3. add Bitcoin broadcast provider integration

See ../docs/ENGINE-MINER-OPENCLAW-TAPROOT-WALLET-PLUGIN.md for the full architecture.

Source and release

Source repository

kerimatalayturkish-dotcom/engine-miner-openclaw-wallet

Open repo

Source commit

33cd3aa238d5c173f2a06f117a13023ada0ac55b

View commit

Install command

openclaw plugins install clawhub:@kerimatalayturkish-dotcom/engine-miner-openclaw-wallet

Metadata

  • Package: @kerimatalayturkish-dotcom/engine-miner-openclaw-wallet
  • Created: 2026/05/24
  • Updated: 2026/05/24
  • Executes code: Yes
  • Source tag: main

Compatibility

  • Built with OpenClaw: 2026.5.17
  • Plugin API range: >=2026.5.17
  • Tags: latest
  • Files: 9