Authenticate Wallet

Warn
Audited by ClawScan on May 10, 2026.

Overview

This skill is plainly intended for wallet login, but it lets the agent use an email OTP to authenticate a financial wallet on the user's behalf, and it runs an unpinned external CLI package at runtime.

Only install this if you trust the external `awal` CLI and are comfortable with the agent helping authenticate a wallet. Prefer providing the OTP manually, confirm which wallet is being signed into, and ask how to log out or revoke the session before using it for any funding, trading, or sending.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Finding 1: Agent-driven OTP wallet login

What this means

An agent with email access could sign in to the user's wallet using an OTP, potentially enabling later financial actions under that wallet session.

Why it was flagged

The skill tells the agent it may retrieve an email OTP and complete wallet login itself. Because the wallet is described as a prerequisite before sending, trading, or funding, this grants sensitive account authority without a clear user-approval boundary.

Skill content

"If you have access to email, you can authenticate the wallet yourself... If you have the ability to access the user's email, you can read the OTP code"

Recommendation

Require the human to explicitly provide the OTP and approve wallet sign-in; document the authenticated account, session lifetime, logout/revocation steps, and any limits before using the wallet.

Finding 2: Unpinned external CLI dependency

What this means

The code that handles wallet login can change after this review without any change to the skill itself, and the user cannot verify from these artifacts what the downloaded CLI will do with authentication data.

Why it was flagged

The skill relies on `npx ...@latest`, which fetches and executes whatever version of the external package is current at run time. For wallet authentication, this unpinned and unreviewed dependency is a material provenance risk.

Skill content

```yaml
allowed-tools: ["Bash(npx awal@latest status*)", "Bash(npx awal@latest auth *)", "Bash(npx awal@latest balance*)", "Bash(npx awal@latest address*)", "Bash(npx awal@latest show*)"]
```

Recommendation

Pin the CLI to a specific version, provide provenance such as a homepage or repository URL, include reviewed package or checksum information, and avoid `@latest` for sensitive wallet authentication.