Skill

Bankr Agent - Safety & Access Control

Guides Bankr API and CLI security: read-only keys, IP whitelisting, rate limits, dedicated agent wallets, key rotation, and transaction safety.

security

authentication

Install

npx claudepluginhub bankrbot/claude-plugins --plugin bankr-agent

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Comprehensive safety guidance for using the Bankr API and CLI.

SKILL.md

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

139.2k

mcp-builder

9 files

Guides building MCP servers enabling LLMs to interact with external services via tools. Covers best practices, TypeScript/Node (MCP SDK), Python (FastMCP).

anthropics-skills-13

124.2k

canvas-design

20 files

Generates original PNG/PDF visual art via design philosophy manifestos for posters, graphics, and static designs on user request.

anthropics-skills-13

124.2k

Stats

Parent Repo Stars70

Parent Repo Forks20

Last CommitMar 24, 2026

Actions

View Source View Plugin View on GitHub View README

Safety & Access Control

Comprehensive safety guidance for using the Bankr API and CLI.

API Key Types

Bankr uses a single key format (bk_...) with capability flags:

Flag	Controls	Default
`agentApiEnabled`	`/agent/*` endpoints	false
`llmGatewayEnabled`	LLM Gateway at `llm.bankr.bot`	false
`readOnly`	Restricts agent to read-only tools	false

Manage flags at bankr.bot/api.

Read-Only API Keys

When readOnly: true, all write tools are filtered from the agent session:

Allowed: Balances, prices, analytics, portfolio, research Blocked: Swaps, transfers, NFT purchases, staking, orders, token launches, leverage, Polymarket bets, claims

The /agent/sign and /agent/submit endpoints return 403 for read-only keys.

IP Whitelisting

Set allowedIps on your API key to restrict usage to specific IPs. Requests from non-whitelisted IPs are rejected with 403.

Empty array = all IPs allowed (default)
Non-empty array = only listed IPs can use the key

Dedicated Agent Wallet

When building autonomous agents, create a separate Bankr account rather than using your personal wallet:

Limited exposure — compromised key only exposes agent wallet funds
Clear accounting — agent transactions isolated from personal activity
Independent controls — apply stricter access controls without affecting personal use
Easy revocation — disable agent account without disrupting primary wallet

Recommended Funding

Chain	Gas Buffer	Trading Capital
Base	0.01-0.05 ETH	As needed
Polygon	5-10 MATIC	As needed
Ethereum	0.05-0.1 ETH	As needed
Solana	0.1-0.5 SOL	As needed

Rate Limits

Tier	Daily Limit
Standard	100 messages/day
Bankr Club	1,000 messages/day
Custom	Set per API key

Reset window is 24 hours from first message (rolling), not midnight.

Key Management

Store keys in environment variables (BANKR_API_KEY, BANKR_LLM_KEY), never in source code
Add ~/.bankr/ and .env to .gitignore
Rotate keys periodically at bankr.bot/api
Revoke immediately if compromised
Use separate keys for Agent API vs LLM Gateway if needed

Transaction Safety

Test first — small amounts on Base/Polygon before scaling
Verify recipients — double-check addresses before transfers
Gas buffer — keep enough native tokens for gas
Immediate execution — /agent/submit executes with no confirmation prompt
Understand calldata — verify trusted source for arbitrary transactions

Pre-Deployment Checklist

Use a dedicated agent wallet, not your personal account
Fund with limited amounts appropriate to purpose
Set read-only if agent only queries data
Configure IP whitelisting for server-side agents
Store keys in environment variables
Test with small amounts first
Implement error handling for rate limits (429) and access control (403)