Fund
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is coherent for funding a wallet, but users should trust the external wallet CLI and carefully confirm any Coinbase Pay purchase details.
This skill appears aligned with its purpose: it checks wallet status, opens the wallet companion app, and leaves the actual Coinbase Pay purchase to the user. Install it only if you trust the external awal CLI, and always verify the amount, payment method, wallet address, and Base/USDC details before paying.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The wallet funding workflow depends on a third-party CLI package that could change over time.
The skill relies on running an external npm package at @latest, so the executed CLI code is not pinned to a reviewed version.
allowed-tools: ["Bash(npx awal@latest status*)", "Bash(npx awal@latest show*)", "Bash(npx awal@latest address*)", "Bash(npx awal@latest balance*)"]
Use this only if you trust the awal CLI source; a safer version would pin the CLI version or provide a clearer provenance/install specification.
The skill can expose wallet status, address, balance, and open a funding flow where the user may spend money.
The skill expects an authenticated wallet context and routes the user to a payment/onramp flow, which is sensitive financial account activity but matches the stated purpose.
Must be authenticated (`npx awal@latest status` to check) ... User completes payment through Coinbase Pay
Before completing any funding action, confirm the wallet address, amount, payment method, network, and Coinbase Pay page are correct.