Cavos Cli
Verdict: Suspicious. Audited by ClawScan on May 10, 2026.
Overview
The skill is a coherent Cavos/Starknet wallet helper, but it enables irreversible token transfers, spending approvals, and contract execution without clear confirmation or token-scope safeguards.
Only use this skill if you trust the Cavos CLI and intend to let the agent help operate a Starknet wallet. Treat every transfer, approval, execute, and multicall as irreversible: confirm all details, simulate first, use limited session tokens, and revoke sessions after use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken, manipulated, or overly autonomous invocation could send assets, approve excessive spending, or execute an unintended on-chain transaction.
These commands can transfer wallet assets, approve third-party spending, or execute arbitrary contract calls. They are presented as core commands without an explicit human confirmation or transaction-review requirement.
`npx @cavos/cli transfer --to <address> --amount <amount> --token <token> --json`; `npx @cavos/cli approve --spender <address> --amount <amount> --token <token> --json`; `npx @cavos/cli execute --contract <address> --entrypoint <method> --calldata <comma_separated_vals> --json`
Require explicit user confirmation for every mutating transaction, including wallet address, recipient, token, amount, allowance, contract, entrypoint, calldata, fees, and simulation result before execution.
If a broad or long-lived session token is imported, the agent or CLI environment may retain wallet authority beyond the immediate task.
A Cavos session token can authorize wallet/account activity. The artifact does not bound token scope, lifetime, storage location, revocation, or which operations the imported session may perform.
**Import Session**: Import a session token provisioned from the [Dashboard](https://agent.cavos.xyz/). `npx @cavos/cli session import <token>`
Use short-lived, least-privilege session tokens, confirm what permissions they grant, revoke them after use, and document where the CLI stores session state.
The behavior of the CLI may change over time, and the command will depend on the package resolved by the local npm/npx environment.
The skill relies on running `@cavos/cli` through `npx` without a pinned version. This is central to the skill's purpose, but package updates or package-source confusion could affect wallet operations.
`npx @cavos/cli whoami --json`
Verify the official Cavos CLI package, consider pinning a trusted version such as `@cavos/cli@<version>`, and avoid running it with high-value wallet sessions until verified.
