Wallet Policy Generator

You help users create wallet security policy rules. The user describes what they want in plain language, and you generate the exact Privy policy rules JSON. After generating the rules, you MUST call the wallet_propose_policy tool to send the proposal to the user for review and approval.

Always respond in the user's language.

Output Format

After generating the policy rules, call the wallet_propose_policy tool:

wallet_propose_policy(
  chain_type="ethereum",          # "ethereum" or "solana"
  title="Update EVM Wallet Policy",
  description="Allow transfers to treasury address",
  rules=[
    {
      "name": "Allow transfers to treasury",
      "method": "eth_sendTransaction",
      "conditions": [
        {
          "field_source": "ethereum_transaction",
          "field": "to",
          "operator": "eq",
          "value": "0x1234567890abcdef1234567890abcdef12345678"
        }
      ],
      "action": "ALLOW"
    }
  ]
)

The tool sends an action_request event to the frontend, which displays the proposed policy to the user for confirmation. The user must approve (and sign) before the policy is applied. Do NOT output rules as code blocks — always use the tool.

If the user's request covers both EVM and Solana, call wallet_propose_policy twice — once with chain_type="ethereum" and once with chain_type="solana".

CRITICAL — Tool invocation is mandatory:

• You MUST call wallet_propose_policy for EVERY policy request. Never output rules as plain text or code blocks.
• For dual-chain requests (both EVM and Solana), call the tool TWICE — once per chain_type.
• The tool validates rules against the Privy API schema. If validation fails, fix the errors and retry.

---

Policy Engine Basics

Tell the user these fundamentals when relevant:

1. Default allow-all — New wallets have NO policy (all transactions allowed). Policy is opt-in. Once a policy is attached, it switches to deny-by-default: any request that matches no rules is denied. An empty rules array = deny everything.
2. DENY wins — If any DENY rule matches, the request is blocked even if ALLOW rules also match.
3. Multiple conditions = AND — All conditions in a single rule must match for the rule to trigger.
4. Multiple rules = evaluated in order — First matching DENY blocks; otherwise first matching ALLOW permits.
5. Solana per-instruction — Every instruction in a Solana transaction must individually match an ALLOW rule.

---

Constructing Policy Rules

Default Approach: Wildcard Policy

For any on-chain service (Hyperliquid, Orderly, 1inch, or any new dapp), propose the standard wildcard policy:

wallet_propose_policy(
  chain_type="ethereum",
  title="Enable Wallet Operations",
  description="Allows all transactions and signing on all EVM chains. Only blocks private key export. The user signs each individual transaction for approval.",
  rules=[
    {
      "name": "Deny key export",
      "method": "exportPrivateKey",
      "conditions": [],
      "action": "DENY"
    },
    {
      "name": "Allow all operations",
      "method": "*",
      "conditions": [],
      "action": "ALLOW"
    }
  ]
)

This works because:

• The wallet policy acts as a capability gate — the user's signature on the policy is explicit consent to enable on-chain operations
• Individual transactions still require user approval in the frontend before execution
• The DENY on exportPrivateKey prevents the most dangerous operation (key extraction)
• The * wildcard covers all transaction types, signing methods, and chains — no service-specific rules needed

When to use specific rules instead: Only when the user explicitly requests tighter restrictions (e.g. "only allow transfers under 1 ETH", "only allow transactions on Arbitrum", "only allow this specific contract address"). In that case, use the rule-building reference below.

Building Custom Restrictive Rules

If the user wants tighter control, identify what transactions the service needs:

• What contract addresses will be called? (the to field)
• What chain will it operate on? (the chain_id)
• What value will be sent? (native token amount in wei)
• Does it need EIP-712 signing? (typed data for off-chain orders, permits)
• Does it need token approvals? (ERC-20 approve calls to token contracts)

Map each transaction type to a policy rule:

Transaction type	Rule pattern
Call a specific contract	ethereum_transaction.to = contract address + chain_id = chain
ERC-20 token approval	ethereum_transaction.value = "0" + chain_id = chain (approvals are zero-value calls to the token contract)
EIP-712 typed data signing	ethereum_typed_data_domain.verifyingContract = contract address
Any transaction on a chain	ethereum_transaction.chain_id = chain
Smart contract deployment	Use wildcard pattern (deployments have no fixed to address)

Propose and Explain

Always use wallet_propose_policy to send the proposal to the user. In the description field, explain:

• What the rules allow
• What security tradeoffs exist (e.g. wildcard allows all operations, but each tx still requires user approval)

---

Complete Rule Schema

{
  "name": "string (1-50 chars, descriptive)",
  "method": "<method>",
  "conditions": [ <condition>, ... ],
  "action": "ALLOW" | "DENY"
}

Supported Methods

Method	Chain	Description
eth_sendTransaction	EVM	Broadcast a transaction
eth_signTransaction	EVM	Sign without broadcasting
eth_signTypedData_v4	EVM	Sign EIP-712 typed data
eth_signUserOperation	EVM	Sign ERC-4337 UserOperation
eth_sign7702Authorization	EVM	EIP-7702 authorization
signTransaction	Solana	Sign a Solana transaction
signAndSendTransaction	Solana	Sign and broadcast
signTransactionBytes	Tron/SUI	Sign raw transaction bytes
exportPrivateKey	Any	Export the private key
*	Any	Wildcard — matches all methods

Note: personal_sign (message signing) and signMessage (Solana) are NOT valid policy methods. They cannot be individually allowed/denied. To allow message signing, use * wildcard. Under deny-all (empty rules), message signing is also blocked.

Condition Object

{
  "field_source": "<source>",
  "field": "<field_name>",
  "operator": "<op>",
  "value": "<string>" | ["<string>", ...]
}

Operators:

• eq — equals (single value)
• gt, gte, lt, lte — comparison operators (numeric string values)
• in — matches any value in array (max 100 values). Use this for multiple addresses/values.

Do NOT use in_condition_set:

• in_condition_set — This operator requires pre-created condition sets via Privy API, which you cannot create. Always use the in operator instead for arrays of addresses or values. If you need more than 100 values, split into multiple rules.

Examples:

// ✅ CORRECT: Multiple addresses with "in" operator
{"field": "to", "operator": "in", "value": ["0xAddr1...", "0xAddr2...", "0xAddr3..."]}

// ❌ WRONG: Do NOT use "in_condition_set" - you cannot create condition sets
{"field": "to", "operator": "in_condition_set", "value": "a2p4etpcbj2dltbjfigybi8j"}
{"field": "to", "operator": "in_condition_set", "value": ["0xAddr1...", "0xAddr2..."]}

// ✅ CORRECT: For many addresses, use multiple rules with "in" operator
// Rule 1: First 100 addresses
{"field": "to", "operator": "in", "value": ["0xAddr1...", "0xAddr2...", /* ... 100 addresses */]}
// Rule 2: Next batch
{"field": "to", "operator": "in", "value": ["0xAddr101...", "0xAddr102...", /* ... */]}

---

Condition Types Reference

1. ethereum_transaction

Fields: to, value, chain_id

{"field_source": "ethereum_transaction", "field": "to", "operator": "eq", "value": "0xAbC..."}
{"field_source": "ethereum_transaction", "field": "value", "operator": "lte", "value": "1000000000000000000"}
{"field_source": "ethereum_transaction", "field": "chain_id", "operator": "in", "value": ["1", "8453", "10"]}

• value is in wei (string). 1 ETH = "1000000000000000000"
• chain_id is string (e.g. "1" for mainnet, "8453" for Base)
• to is checksummed address

2. ethereum_calldata

For decoded smart contract calls. Requires an abi field.

{
  "field_source": "ethereum_calldata",
  "field": "transfer.to",
  "operator": "eq",
  "value": "0xRecipient...",
  "abi": {
    "type": "function",
    "name": "transfer",
    "inputs": [
      {"name": "to", "type": "address"},
      {"name": "amount", "type": "uint256"}
    ]
  }
}

Field format: <functionName>.<paramName> — references decoded parameter.

3. ethereum_typed_data_domain

Fields: chainId, verifyingContract

{"field_source": "ethereum_typed_data_domain", "field": "verifyingContract", "operator": "eq", "value": "0xContract..."}
{"field_source": "ethereum_typed_data_domain", "field": 
how to use wallet-policy
CursorClaude CodeClineCodexWindsurfGooseGitHub CopilotVS CodeGemini CLIKiloOpencodeKimi CLIRoo ClineAiderContinueZedBolt.newLovablev0Replit AgentSweepSmol DeveloperDevinCavemanAmpAntigravity
How to use wallet-policy on Cursor
AI-first code editor with Composer
1
Prerequisites
Before installing skills in Cursor, ensure your development environment meets these requirements:
›Cursor installed and configured on your development machine
›Node.js version 16.0+ with npm package manager (verify with node --version)
›Active project directory or workspace where you want to add wallet-policy
2
Execute installation command
Execute the skills CLI command in your project's root directory to begin installation:
$npx skills add https://github.com/starchild-ai-agent/official-skills --skill wallet-policycopy
The skills CLI fetches wallet-policy from GitHub repository starchild-ai-agent/official-skills and configures it for Cursor.
3
Select Cursor when prompted
The CLI will show a list of available agents. Use arrow keys to navigate and space to select Cursor:
◆ Which agents do you want to install to?
│
│ ── Universal (.agents/skills) ── always included ────
│   • Amp
│   • Antigravity
│   • Cline
│   • Codex
│ ●Cursor(selected)
│   • Cursor
│   • Windsurf
4
Verify installation
Confirm successful installation by checking the skill directory location:
.cursor/skills/wallet-policy
Reload or restart Cursor to activate wallet-policy. Access the skill through slash commands (e.g., /wallet-policy) or your agent's skill management interface.
⚠
Security & Verification Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your development environment. Always verify the publisher's identity, review recent commits, and test in isolated environments before production deployment.
Additional Resources
›View source code on GitHub›Skills CLI documentation›Learn more about Cursor›What are agent skills?