KarmaBank

Rating: Warn

Audited by ClawScan on May 10, 2026.

Overview

KarmaBank has a coherent lending purpose, but it handles high-privilege wallet credentials and includes unsafe or under-reviewed financial plumbing that should be reviewed before use.

Install only if you are comfortable auditing the npm dependencies and wallet code. Use sandbox/testnet Circle credentials, verify the recipient wallet before borrowing, avoid --yes for real funds, and expect a local ledger file to store loan history.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A borrow operation could send funds to an unusable address if wallet registration or local state is missing or corrupted.

Why it was flagged

The included credit service disburses a loan to a zero-address fallback instead of failing when no borrower wallet address is present. In a real Circle wallet flow, that is an unsafe default for a transfer.

Skill content
        agent.walletAddress || '0x0000000000000000000000000000000000000000',
        amount
Recommendation

Fail closed unless a validated recipient wallet address is present, and require explicit user/admin confirmation showing recipient and amount before any transfer.

What this means

Providing these credentials could allow the skill’s code path to create/manage wallets or move pool funds under the admin’s Circle account.

Why it was flagged

This asks for delegated wallet-management credentials. The registry metadata supplied for the skill declares no required env vars or primary credential, so the high-impact account authority is under-disclosed at install time.

Skill content
- **Circle API Key & Entity Secret**
  - Required for real wallet integration
  - Used to create and manage the pool wallet
Recommendation

Use only sandbox/testnet and least-privilege credentials, verify the code paths before providing Circle secrets, and require the skill metadata to declare all credentials and scopes.

What this means

Unreviewed local dependency code could affect build/runtime behavior or credential handling.

Why it was flagged

npm install can resolve an adjacent local package outside the provided manifest and reviewed files. That is a provenance gap, especially for a skill handling wallet credentials and transfers.

Skill content
"@circle/openclaw-wallet-skill": "file:../skills/circle-wallet"
Recommendation

Vendor or publish the wallet dependency with a pinned version/checksum, include it in the reviewed artifact set, or remove the local file dependency.

What this means

Agent names, loan status, and transaction history may persist in the skill directory.

Why it was flagged

The skill maintains a persistent local ledger for credit and loan records. This is expected for the stated purpose, but users should know that the data remains on disk.

Skill content
CREDIT_LEDGER_PATH=.credit-ledger.json
Recommendation

Keep the ledger path scoped and protected, and delete or rotate it when the lending data is no longer needed.