Your keys, your agent: how CoinFello delegation works
The most important question anyone should ask before letting an AI agent near their crypto is: how much access does it actually have?
For most solutions in this space, the honest answer is: all of it. API key access, full wallet control, your private key handled by someone else’s server. If the agent goes rogue, if the platform gets compromised, or if you simply change your mind, you are in a difficult position.
CoinFello was designed around a different answer. Here is exactly how it works:
What a delegation is
When you give CoinFello permission to act on your behalf, you are not handing over your wallet. You are granting a delegation: a specific, limited permission to spend up to a defined amount of a defined token within a defined time window. You can delete it at any time.
Think of it like a prepaid card with a spending ceiling. You load it with a specific amount. You set an expiry. CoinFello can only draw against what you have authorized. When the allowance runs out, or when you delete it, the card stops working. Your main wallet is untouched throughout.
The technical foundation
Delegations on CoinFello are built on ERC-7710, one of the Ethereum standards for smart account permissions. These standards enable fine-grained, onchain, cryptographically enforced permission scopes. Unlike API key models, where the agent has full access at the application layer, ERC-7710 permissions are enforced at the smart contract level.
CoinFello is built on MetaMask Smart Accounts Kit, which implements these standards and has been audited for production use.
What CoinFello can and cannot do
It CAN execute transactions up to your specified allowance, in the token you specified, within the time window you set.
It CANNOT access funds outside of the delegation.
It CANNOT exceed the token or amount limits you defined.
It CANNOT act after the delegation expires or is deleted.
It CANNOT see or access your private key at any point.
Where your keys live
Your private keys never leave your device. CoinFello does not hold them, does not pass them to a server, and does not have access to them in any form.
On macOS, keys are protected by the Secure Enclave: a dedicated hardware chip physically separated from the main processor. This is the same chip that protects Face ID and Apple Pay credentials. Even if CoinFello’s servers were compromised, your keys would be unaffected.
Every transaction, in plain language, before it runs
Before any transaction executes, CoinFello shows you exactly what it is about to do in plain language. The token. The amount. The destination. The estimated gas. You confirm it. Then it runs.
There is no silent execution. No background activity you have not approved. Every action within your delegation is visible, reviewable, and confirmable before it happens.
How to delete
If you want to stop CoinFello from acting on your behalf, you delete the automation the delegation is associated with. This can be done at any time from the app. Deleting an automation happens onchain and is immediate. Any pending execution stops.
You do not need to contact support. You do not need to wait for an approval process. The permission was yours to give, and it is yours to take back.
Why this matters for the OpenClaw ecosystem
The same delegation model applies when CoinFello powers a personal AI agent. Your OpenClaw agent, or any other agent, receives only the permissions you have explicitly granted. Sub-delegation support means that even if your agent delegates to another agent downstream, each layer only ever receives the minimum permissions needed for the task.
No agent in the chain gets more access than you intended.
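The limits listed under "What CoinFello can and cannot do" and the sub-delegation rule above, as an added example in JavaScript. It is not CoinFello's, MetaMask's or ERC-7710 contract code: it is a simplified off-chain model that assumes every link in a delegation chain is checked on each spend, and its field names, token symbols and timestamps are constructed.

```javascript
// Simplified off-chain model of scoped delegation checks (illustrative only).
// Field names, token symbols and timestamps are constructed for this example.
function makeDelegation(parent, delegate, { token, cap, notBefore, notAfter }) {
  return { parent, delegate, token, cap, notBefore, notAfter, spent: 0n, revoked: false };
}

// Walk from the leaf delegation up to the root, returning every link.
function chainOf(leaf) {
  const links = [];
  for (let d = leaf; d; d = d.parent) links.push(d);
  return links;
}

// Return null if the spend is allowed, otherwise the reason it is refused.
function refusal(leaf, caller, token, amount, now) {
  if (caller !== leaf.delegate) return "caller is not the delegate";
  if (amount <= 0n) return "amount must be positive";
  for (const d of chainOf(leaf)) {
    if (d.revoked) return "delegation deleted";
    if (token !== d.token) return "token not covered";
    if (now < d.notBefore || now > d.notAfter) return "outside time window";
    if (d.spent + amount > d.cap) return "allowance exceeded";
  }
  return null;
}

// Record the spend against every link, but only after all checks pass.
function redeem(leaf, caller, token, amount, now) {
  const reason = refusal(leaf, caller, token, amount, now);
  if (reason) return { ok: false, reason };
  for (const d of chainOf(leaf)) d.spent += amount;
  return { ok: true, reason: null };
}

// Constructed sample: user -> agent (100 USDC, t=1000..2000) -> sub-agent.
function demo() {
  const root = makeDelegation(null, "agent", { token: "USDC", cap: 100n, notBefore: 1000, notAfter: 2000 });
  // The sub-delegation claims wider limits than its parent; the parent still binds.
  const sub = makeDelegation(root, "sub-agent", { token: "USDC", cap: 500n, notBefore: 1000, notAfter: 9000 });
  const results = [
    redeem(sub, "sub-agent", "USDC", 60n, 1500), // within every limit
    redeem(root, "agent", "USDC", 50n, 1500),    // 60 + 50 exceeds the root cap
    redeem(sub, "sub-agent", "WETH", 1n, 1500),  // different token
    redeem(sub, "sub-agent", "USDC", 10n, 2500), // root window has expired
  ];
  root.revoked = true;                           // the user deletes the delegation
  results.push(redeem(sub, "sub-agent", "USDC", 10n, 1500));
  return results.map((r) => r.reason ?? "ok");
}
```

Because the downstream spend is counted against the root allowance as well, the agent and its sub-agent share one ceiling rather than each getting their own.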
The bottom line
To answer the question: how much access does an AI agent actually have? With CoinFello, the answer is precise: exactly what you defined, for exactly the token you chose, for exactly as long as you decided, with your agent never touching your private key.
That is what self-custody with an AI agent should look like.
Try it at app.coinfello.com.

