Skill v1.0.0

ClawScan security

Gasless Agent Wallet(SOL/EVM) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 12:31 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions align with a gasless agent wallet, but it references and requires private keys and environment variables that are not declared in the metadata and relies on fetching an unpinned npm package at runtime — together these inconsistencies raise meaningful risk for fund exfiltration or unintended autonomous transactions.
Guidance
This skill documents how to generate and use private keys and to perform on-chain transactions, but the metadata does not declare the sensitive environment variables it references and it relies on running an unpinned npm package via npx. Before installing or using it: (1) do not provide any real private keys to an agent unless you fully trust the source; (2) prefer using 'managed' wallets with human passkey control rather than 'unmanaged' autonomous wallets; (3) insist on a pinned package version or review the @agntos/agentwallet package source and maintainership on npm/GitHub; (4) test everything on devnet/testnet and isolate the agent in a sandbox; (5) require the skill owner to declare the exact env vars and deployment/install steps and demonstrate how secrets are securely stored (not environment variables in plaintext). If you cannot validate the package provenance and the skill's secret-handling, treat it as high-risk and avoid granting access to real funds.

Review Dimensions

Purpose & Capability
Note: The name and description match the SKILL.md: it is a tool for creating and using non-custodial wallets on Base and Solana. The operations shown (key generation, wallet creation, signing transactions) are consistent with that purpose. However, some operational requirements (private keys, AGENTWALLET_AGENT_SOL, AGENT_PRIVATE_KEY, WALLET_ADDRESS) appear in the instructions but are not declared in the skill metadata, which is an inconsistency.
Instruction Scope
Concern: SKILL.md instructs the agent to generate and use private keys, read environment variables (e.g., AGENT_PRIVATE_KEY, AGENTWALLET_AGENT_SOL, WALLET_ADDRESS), and perform on-chain transactions (including autonomous operation for 'unmanaged' wallets). The metadata does not declare these env variables or any explicit limits on agent actions. The instructions explicitly handle extremely sensitive secrets (private keys) and enable actions that move funds; this expands the agent's scope beyond what the metadata documents.
Install Mechanism
Note: The skill is instruction-only with no install spec, but the README uses npx @agntos/agentwallet. That implies runtime fetching of a remote npm package. The package name is unpinned (no version) and the skill provides no provenance or homepage. Relying on npx at runtime without pinned versions or vetted source increases supply-chain risk.
Credentials
Concern: The instructions require high-sensitivity secrets (private keys) and reference environment variables, yet the skill metadata lists no required env vars or primary credential. Asking an agent to handle private keys is proportionate for this wallet purpose, but the omission from metadata and the lack of guidance on secure secret provisioning (beyond general warnings) are a problematic mismatch.
Persistence & Privilege
Note: The skill is not set to always:true and is user-invocable (normal). However, the SKILL.md explicitly describes 'unmanaged' wallets that are 'fully autonomous' and encourages the agent to sign transactions programmatically. Combined with the ability for the agent to invoke skills autonomously (default), this creates a high-impact capability (moving funds) even if the skill itself does not request persistent privileges or system-wide config changes.