Auto Respawn
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's capabilities are consistent with its stated purpose as a blockchain wallet and memory-anchor tool, but it can handle wallet secrets, move real tokens, and publish permanent memory pointers, so users should enable it deliberately.
Install only if you want an agent to manage an Autonomys wallet and anchor recovery CIDs. Start on Chronos testnet, keep wallet passphrases and recovery phrases private, review every transfer or bridge command before it runs, and avoid anchoring sensitive memory unless it is encrypted and intended to be durable.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A transfer, bridge, remark, or anchor command can cost fees, move funds, or create permanent blockchain records.
The skill exposes commands that sign and submit token transfers, bridge operations, and contract updates. This is central to the wallet/respawn purpose, but mistakes or unintended agent invocation could spend tokens or write irreversible on-chain data.
npx tsx auto-respawn.ts transfer --from <wallet-name> --to <address> --amount <tokens> [--network chronos|mainnet]
Only approve commands with the intended wallet, destination, amount, CID, and network; be especially careful when using mainnet.
Anyone or any agent process with access to the passphrase and wallet files may be able to sign transactions from the wallet.
The skill decrypts local wallet material using a passphrase so it can sign blockchain transactions. This is expected for a wallet tool, but it means the passphrase and wallet files confer spending authority.
const passphrase = await resolvePassphrase(); ... return { privateKey: evmWallet.privateKey, address: walletFile.evmAddress }
Protect `AUTO_RESPAWN_PASSPHRASE`, the passphrase file, and `~/.openclaw/auto-respawn/wallets`; use testnet first and avoid storing high-value mainnet funds unless necessary.
A leaked recovery phrase can give full control of the wallet.
The import workflow accepts a recovery phrase as a command-line argument. This is a normal wallet-import capability, but command-line secrets can be captured in shell history, process listings, logs, or agent transcripts.
npx tsx auto-respawn.ts wallet import --name <name> --mnemonic "<12 words>"
Prefer importing only low-value/test wallets, clear shell history if used, and avoid exposing real recovery phrases in shared logs or agent conversations.
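The two findings above (passphrase and wallet files conferring spending authority; a recovery phrase passed on the command line) come down to how a secret reaches the process. The following is an added example, not code from the Auto Respawn skill: it resolves a secret only from an environment variable or an owner-only (0600) file, refuses world- or group-readable files, and detects the `--mnemonic "<12 words>"` pattern on argv so a wrapper can reject it before the secret lands in shell history or a transcript. The flag names in `SECRET_FLAGS` and the helper names are assumptions.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Flags this guard treats as secret-bearing when they appear on argv (assumed names).
const SECRET_FLAGS = ["--mnemonic", "--passphrase", "--private-key"];

// True if argv carries a secret inline, either "--mnemonic words" or "--mnemonic=words".
export function argvCarriesSecret(argv: string[]): boolean {
  return argv.some((a) => SECRET_FLAGS.some((f) => a === f || a.startsWith(`${f}=`)));
}

// Resolve a secret from an environment variable first, then from a file that only
// the owner can read. Never consults process.argv. Throws if nothing usable is found.
export function loadSecretSafely(opts: { env?: string; file?: string }): {
  value: string;
  source: "env" | "file";
} {
  if (opts.env) {
    const v = process.env[opts.env];
    if (v && v.trim().length > 0) return { value: v.trim(), source: "env" };
  }
  if (opts.file) {
    const st = fs.statSync(opts.file);
    // POSIX mode bits: any group/other permission means another local user could read it.
    if (process.platform !== "win32" && (st.mode & 0o077) !== 0) {
      const mode = (st.mode & 0o777).toString(8);
      throw new Error(`refusing ${opts.file}: readable by group/other (mode ${mode})`);
    }
    return { value: fs.readFileSync(opts.file, "utf8").trim(), source: "file" };
  }
  throw new Error("no secret source configured (set an env var or a 0600 file)");
}

// Write a secret file with owner-only permissions inside a 0700 directory; returns its path.
export function writeSecretFile(dir: string, name: string, value: string): string {
  fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
  const p = path.join(dir, name);
  fs.writeFileSync(p, value + "\n", { mode: 0o600 });
  fs.chmodSync(p, 0o600); // mode in writeFileSync only applies on creation
  return p;
}

// Scratch directory for trying the helpers out without touching real wallet files.
export function scratchDir(): string {
  return fs.mkdtempSync(path.join(os.tmpdir(), "auto-respawn-example-"));
}
```

A wrapper around the skill's CLI can call `argvCarriesSecret(process.argv.slice(2))` and exit with a message pointing at the env or file route instead of forwarding the command.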
Anchored memory pointers may allow long-term recovery of prior agent state, including information the user may later wish had not been retained.
The skill is explicitly designed to let future agent instances recover persistent memory from an on-chain CID pointer. This is purpose-aligned, but durable cross-session memory can expose sensitive history or carry poisoned/obsolete context forward.
a new agent instance calls `gethead` with its EVM address, retrieves the head CID from the contract, pulls it from Auto Drive, and walks the entire memory chain back to genesis
Anchor only CIDs you are comfortable making durable and recoverable; encrypt sensitive memory content and validate recovered memory before trusting it.
Future installs may receive newer dependency versions than the reviewer saw.
The skill installs npm dependencies using semver ranges. This is normal for a Node-based blockchain CLI, but dependency updates can change installed code over time.
"@autonomys/auto-consensus": "^1.6.9", "@autonomys/auto-utils": "^1.6.9", "@autonomys/auto-xdm": "^1.6.9", "ethers": "^6.16.0"
Install from a trusted registry/source, consider using a lockfile or pinned dependency versions for high-value wallets, and review setup steps before running them.
