Defense in depth for Bankr agents: 1claw is now a Bankr Skill

Bankr already runs one of the strongest crypto agent stacks on the internet.

Natural language goes in, signed and broadcast on-chain actions come out, across Base, Ethereum, Polygon, Solana, and Unichain. Tens of thousands of real transactions. Millions in volume. Built-in wallets that ship with IP whitelisting, hallucination guards, and per-transaction verification. The Bankr agent earns its trust the hard way, by doing the work right at scale.

This post is about a new Skill that builds on that foundation: 1claw, now installable directly inside Bankr at skills.bankr.bot/skills/1claw and on GitHub at github.com/BankrBot/skills/tree/main/1claw.

Short version: Bankr handles the trading. 1claw adds an HSM-grade vault, a TEE-protected LLM proxy, and an HSM/TEE signing path for any additional external credentials and EOAs your agent needs to operate. Two specialists, same stack, defense in depth.

What 1claw actually is

1claw is secret management built for the agent era. Its three pillars line up cleanly with what an autonomous Bankr operator wants on a serious deployment.

Vault. External API keys, exchange tokens, RPC keys, third-party credentials. The stuff your strategies use to talk to the rest of the world. All of it lives in an HSM-backed vault with optional MPC key splitting across GCP, AWS, and Azure. Agents fetch what they need at runtime through scoped, short-lived JWTs. Every access is logged.

Shroud. A TEE-protected proxy that sits between your agent and your LLM provider. It inspects every request and every response. Catches prompt injection, redacts PII, blocks exfil attempts, runs inside confidential compute so nobody (1claw included) sees the plaintext.

Intents API. For additional EOAs you want to operate alongside your Bankr wallet, the Intents API offers an HSM/TEE signing path: the agent submits an intent, the infrastructure signs and broadcasts. Per-agent guardrails on chains, value caps, allowlists, daily limits. The signing key never leaves the enclave.

Why this is a great fit for Bankr

The Bankr agent already operates inside a hardened envelope. The pieces 1claw brings extend that envelope outward, into the parts of your stack that touch the world beyond Bankr itself.

A few examples of what the combination unlocks:

• You can run an autonomous strategy that calls third-party APIs (exchanges, oracles, indexers, alpha sources) without the credentials for those services ever sitting in chat history. 1claw holds them, scoped to the strategy, with a full audit trail.
• You can route the LLM portion of your agent through Shroud. Every prompt your agent generates gets scanned before it leaves. Every response gets scanned before it comes back. Prompt injection attempts get scored and blocked. Secrets and PII get redacted.
• You can operate additional EOAs (a treasury wallet, a yield-farming wallet, a separate trading wallet on Arbitrum) through the Intents API. Bankr drives the strategy. 1claw owns the keys for those external wallets. The keys live in HSM, sign in TEE, and never touch the agent's process.
• You can run multiple agents with different policies and revoke any one of them instantly. The credential itself doesn't have to change. The audit log tells you exactly what each agent did.

None of this replaces what Bankr already does well. It complements it. Bankr is the brain. 1claw is the safe.

How it plugs in

Same model as every Bankr Skill. Drop-in, portable, works wherever you drive Bankr from: the terminal, the Bankr web app, Claude Code, Cursor, or any other skills-compatible agent.

Inside Bankr, the install line is the standard one:

install the 1claw skill from https://github.com/BankrBot/skills/tree/main/1claw

If you're new to 1claw, the free tier covers 1,000 requests a month and doesn't ask for a card. Plenty for testing. Or pay-per-use on Base via x402 (read a secret for $0.0008, write one for $0.004) and skip subscriptions entirely. Higher tiers unlock multi-HSM Shamir splitting, Shroud Enterprise, and the full Intents API.

The bigger picture

Agent infrastructure is maturing on two fronts at once. The agents themselves are getting more capable. They can trade, they can deploy contracts, they can manage portfolios at scale. At the same time, the supporting infrastructure is starting to catch up: hardware-grade key custody, TEE-protected LLM traffic, signing proxies with policy enforcement. The frontier is no longer "can the agent do this." It is "can the agent do this with the security posture an institution would actually sign off on."

Bankr was already at the front of the first wave. The 1claw skill is one of the cleanest ways to push that posture into the second.

Browse the skill, install it, and try moving a small workflow through it. Then go bigger.

Skill · Source · 1claw.xyz · bankr.bot