ClankerKit
Rating: Warn. Audited by ClawScan on May 10, 2026.
Overview
ClankerKit is a disclosed blockchain-wallet skill, but it gives the agent broad private-key-powered authority to spend, trade, pay, and call arbitrary contracts, so it should be reviewed carefully before using real funds.
Treat this as a high-risk financial automation skill. Only install it for a dedicated wallet with small balances, verify the policy engine and wallet contracts, keep strict spending limits, require human approval for mainnet actions, and consider disabling arbitrary contract execution and arbitrary endpoint payments.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent is misdirected or given unsafe parameters, it could approve tokens, transfer funds, interact with malicious contracts, or perform other irreversible blockchain actions.
The exported tool can submit an arbitrary target address, value, and calldata through the wallet. That is a broad escape-hatch capability for contract execution, not limited to the safer named swap/stake/send workflows.
async execute_transaction({ target, value = '0', data }: { target: string; value?: string; data: string }) { ... const result = await kit.execute(target as Address, BigInt(value), data as `0x${string}`);
Use only a dedicated low-balance wallet, prefer testnet first, disable or gate the arbitrary transaction tool, and require explicit human confirmation and contract allowlists for any mainnet transaction.
A prompt or task error could cause the agent to pay an unintended or attacker-controlled service endpoint.
The tool manifest exposes payments to an arbitrary endpoint URL with an arbitrary USDC amount, and the schema shown does not include an allowlist or approval boundary.
"name": "pay_for_service", "description": "Pay for an x402-enabled API endpoint", ... "endpoint": { "type": "string", "description": "The API endpoint URL" }, "amount": { "type": "number", "description": "Payment amount in USDC" }
Only allow payments to pre-approved endpoints, set strict spending limits, and require explicit confirmation before any payment is made.
Anyone or anything that can invoke the skill with this environment can potentially cause signed transactions from the agent wallet, subject to whatever on-chain policy actually enforces.
The skill clearly requires a raw private key so it can sign wallet transactions. This is expected for the stated purpose, but it is a high-impact credential.
| `AGENT_PRIVATE_KEY` | Yes | Agent's private key (with 0x prefix) |
Never use a personal or high-value wallet key. Create a separate agent key, fund it minimally, use policy limits and owner approval, and rotate the key if it is exposed.
A compromised or unexpectedly updated dependency could affect how transactions are built or signed.
Core wallet behavior is delegated to external npm dependencies. A package-lock is present, which helps, but users should still audit or pin these dependencies because they handle transaction construction and signing.
"dependencies": { "clankerkit": "^0.1.0", "viem": "^2.21.0" }
Install from a trusted source, keep the lockfile intact, review the clankerkit package, and avoid unreviewed dependency upgrades when using real funds.
