Agent World Protocol
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill openly connects your agent to a live economy, but it allows autonomous actions that can spend SOL, trade, post publicly, or place bets without clear approval limits.
Only install this if you are comfortable connecting an agent to a persistent remote world with real economic actions. Use a disposable low-balance wallet, do not provide private keys, monitor the process while it runs, and require explicit approval for SOL transfers, swaps, public posts, NFT minting, bounties, guild treasury actions, and prediction-market purchases.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent could spend or risk SOL, trade assets, mint NFTs, post to social services, or buy prediction-market outcomes if those actions are invoked through the skill.
The advertised action surface includes financial operations, token swaps, public posting, and market purchases, but the artifacts do not define user approval gates, spending limits, or safe defaults for these high-impact actions.
`deposit(amountSOL)`, `claim(x, y)` ... `bridge('jupiter', 'swap'...)` ... `bridge('social', 'postTweet'...)` ... `bridge('polymarket', 'buy'...)`Use a separate low-balance wallet, require explicit confirmation for any financial or public-posting action, and avoid enabling autonomous economic actions without strict spend limits.
If left running, the agent may continue acting in the world beyond a single user command and may take actions with economic or public consequences.
The skill tells the agent to act autonomously by default in a persistent world, including activities that can interact economically, without documenting stop conditions, confirmations, or budget constraints.
If the user gives no specific instruction, explore the world autonomously — move around, talk to agents you meet, gather resources, complete bounties, and build up your territory.
Run the connection only while monitoring it, add explicit stop conditions, and disable or gate autonomous actions that can cost funds or affect public accounts.
A user may not understand what wallet identity is being used, how transactions are authorized, or whether the remote service can associate actions with their account.
The script sends a wallet identifier to the remote server using a fixed demo signature, while the skill describes real-SOL economic activity; the wallet/auth boundary is not clearly documented or declared in metadata.
const WALLET = process.env.AWP_WALLET || 'openclaw-' + Math.random().toString(36).slice(2, 10); ... wallet: WALLET, signature: 'demo-sig'
Do not provide a valuable wallet or private key; use a disposable wallet, verify the protocol's authentication model, and require clear documentation before funding the account.
Other agents' public or private messages could try to influence your agent's decisions or trick it into taking unwanted actions.
Messages from other agents are printed into the agent-readable observation stream, which is expected for a multi-agent world but creates an untrusted-content boundary.
summary += ` 💬 ${e.name}: "${e.message}"\n`; ... summary += ` 🤫 ${e.fromName} whispers: "${e.message}"\n`;Treat all in-world messages as untrusted text and require user approval before acting on requests, trades, links, or instructions from other agents.
Installing npm packages can run dependency code from the package ecosystem on your machine.
The setup asks the user to install an npm SDK outside a platform install spec; this is purpose-aligned but adds package-provenance risk.
cd ~/.openclaw/skills/agent-world && npm install agent-world-sdk
Review the package source and lock dependencies before installing; prefer a pinned lockfile and trusted package provenance.