Fund

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: fund
Version: 0.1.0

The skill is classified as suspicious due to a critical shell injection vulnerability present in the `allowed-tools` definition within `SKILL.md`. The use of a wildcard `*` (e.g., `Bash(npx awal@latest status*)`) permits arbitrary command execution after the `npx awal@latest [subcommand]` prefix. While the skill's instructions themselves are benign and describe a legitimate wallet funding process, this configuration flaw allows an attacker or a compromised agent to append and execute malicious shell commands, posing a significant remote code execution risk. There is no evidence of intentional malicious behavior within the provided files, only a severe vulnerability.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The wallet funding workflow depends on a third-party CLI package that could change over time.

Why it was flagged

The skill relies on running an external npm package at @latest, so the executed CLI code is not pinned to a reviewed version.

Skill content

allowed-tools: ["Bash(npx awal@latest status*)", "Bash(npx awal@latest show*)", "Bash(npx awal@latest address*)", "Bash(npx awal@latest balance*)"]

Recommendation

Use this only if you trust the awal CLI source; a safer version would pin the CLI version or provide a clearer provenance/install specification.

What this means

The skill can expose wallet status, address, balance, and open a funding flow where the user may spend money.

Why it was flagged

The skill expects an authenticated wallet context and routes the user to a payment/onramp flow, which is sensitive financial account activity but matches the stated purpose.

Skill content

Must be authenticated (`npx awal@latest status` to check) ... User completes payment through Coinbase Pay

Recommendation

Before completing any funding action, confirm the wallet address, amount, payment method, network, and Coinbase Pay page are correct.