// This skill should be used when the user asks about "API key security", "read-only key", "IP whitelist", "rate limits", "dedicated wallet", "agent wallet", "key rotation", "access control", or any safety, security, or access control topic related to Bankr.
This skill should be used when building the async job workflow, implementing polling loops, handling job status transitions, processing rich data, managing conversation threads, or understanding the full submit-poll-complete lifecycle of the Bankr Agent API.
This skill should be used when building secure Bankr integrations, implementing API key management, configuring access controls, setting up dedicated agent wallets, or handling rate limits and security best practices in Bankr API projects.
This skill should be used when building apps that need to sign messages, sign typed data (EIP-712), sign transactions, or submit raw transactions via the Bankr API. Covers the synchronous /agent/sign and /agent/submit endpoints with TypeScript patterns.
This skill should be used when the user asks about "agent profile", "create profile", "update profile", "project profile", "bankr.bot/agents", "profile page", "project updates", or any agent profile management operation.
This skill should be used when the user asks about "LLM gateway", "Bankr LLM", "LLM credits", "top up credits", "auto top-up", "llm.bankr.bot", "Claude Code gateway", "OpenClaw setup", "Cursor setup", "OpenCode setup", "LLM models", or any LLM gateway configuration or usage topic.
This skill should be used when the user asks to "sign a message", "sign typed data", "sign a transaction", "submit a transaction", "submit raw transaction", "personal_sign", "EIP-712", "eth_signTypedData", "eth_signTransaction", or any direct signing or transaction submission operation. Covers the synchronous /agent/sign and /agent/submit endpoints.
| name | Bankr Agent - Safety & Access Control |
| description | This skill should be used when the user asks about "API key security", "read-only key", "IP whitelist", "rate limits", "dedicated wallet", "agent wallet", "key rotation", "access control", or any safety, security, or access control topic related to Bankr. |
| version | 1.0.0 |
Comprehensive safety guidance for using the Bankr API and CLI.
Bankr uses a single key format (bk_...) with capability flags:
| Flag | Controls | Default |
|---|---|---|
agentApiEnabled | /agent/* endpoints | false |
llmGatewayEnabled | LLM Gateway at llm.bankr.bot | false |
readOnly | Restricts agent to read-only tools | false |
Manage flags at bankr.bot/api.
When readOnly: true, all write tools are filtered from the agent session:
Allowed: Balances, prices, analytics, portfolio, research Blocked: Swaps, transfers, NFT purchases, staking, orders, token launches, leverage, Polymarket bets, claims
The /agent/sign and /agent/submit endpoints return 403 for read-only keys.
Set allowedIps on your API key to restrict usage to specific IPs. Requests from non-whitelisted IPs are rejected with 403.
When building autonomous agents, create a separate Bankr account rather than using your personal wallet:
| Chain | Gas Buffer | Trading Capital |
|---|---|---|
| Base | 0.01-0.05 ETH | As needed |
| Polygon | 5-10 MATIC | As needed |
| Ethereum | 0.05-0.1 ETH | As needed |
| Solana | 0.1-0.5 SOL | As needed |
| Tier | Daily Limit |
|---|---|
| Standard | 100 messages/day |
| Bankr Club | 1,000 messages/day |
| Custom | Set per API key |
Reset window is 24 hours from first message (rolling), not midnight.
BANKR_API_KEY, BANKR_LLM_KEY), never in source code~/.bankr/ and .env to .gitignore/agent/submit executes with no confirmation prompt