Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClankerKit
v0.1.0
Autonomous wallet operations for AI agents on Monad — swap, stake, deploy wallets, trade memecoins, and manage spending policies via natural language.
by Wahid Shaikh @0xsoydev
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (autonomous wallet ops) aligns with the env vars and tools (sending tokens, swaps, staking, execute_transaction). Required env vars (wallet address, policy engine address, owner address, agent private key) are reasonable for a signing agent. However, registry metadata stated no primary credential while SKILL.md declares AGENT_PRIVATE_KEY as primaryEnv — a metadata mismatch. skill.json version (0.2.0) differs from registry version (0.1.0). Source/homepage are missing, reducing provenance.
Instruction Scope
SKILL.md and src/index.ts implement many powerful wallet operations (arbitrary contract calls, execute_transaction, pay_for_service, swap_tokens). These are consistent with the claimed purpose but grant the agent the ability to perform arbitrary on-chain actions (including arbitrary calldata and paying arbitrary endpoints). That capability is expected for a wallet skill but also makes misuse impactful.
Install Mechanism
There is no explicit install spec, but package.json/package-lock are present and list npm dependencies (including an external 'clankerkit' package). This implies a node/npm install of third-party packages when the skill is used — a moderate supply-chain risk. No remote, untrusted archive URLs were found.
Credentials
The skill requires AGENT_PRIVATE_KEY in environment — appropriate for signing but highly sensitive. All required env vars are related to blockchain operation, so they are proportionate, but the presence of a private key plus autonomous invocation increases risk. Also SKILL.md/README disagree on whether AGENT_PRIVATE_KEY should include the 0x prefix; registry metadata omitted primary credential — inconsistent metadata around the most sensitive secret.
Persistence & Privilege
always is false (good). disable-model-invocation is false (normal), meaning the agent can invoke autonomously; combined with the agent private key this gives a large blast radius (the skill can sign and send transactions without manual approval). This is expected for an autonomous wallet but should be explicitly accepted by the user.
What to consider before installing
This skill gives an agent the ability to sign and send real blockchain transactions. Before installing: (1) verify the package/source/author provenance — source/homepage are missing and versions in files disagree; (2) do not set a mainnet private key unless you fully trust the skill and have reviewed the code and dependencies; test on testnet first; (3) prefer a restricted signer or hardware signing gateway rather than putting a raw private key into an environment variable; (4) review the 'pay_for_service' and 'execute_transaction' tools — they allow arbitrary payments and calldata; set conservative policy limits and owner-approval thresholds; (5) inspect the npm dependency 'clankerkit' and package-lock for malicious packages before letting the platform run npm install. If you cannot confirm provenance and review dependencies, treat this as high-risk and avoid providing real funds or private keys.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Env: AGENT_WALLET_ADDRESS, POLICY_ENGINE_ADDRESS, AGENT_PRIVATE_KEY, OWNER_ADDRESS
