Security audit
Agent Wallet
Security checks across malware telemetry and agentic risk
Overview
This is a coherent wallet plugin, but it grants high-impact fund-moving and paid-request authority that users should review carefully before installing.
Install only if you intend to let OpenClaw operate a real wallet through this plugin. Review the x402 pay capability, avoid enabling autonomous permissions unless you understand their scope, keep wallet secrets out of plugin config where possible, and confirm that the local Python wallet runtime is from a source you trust.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
33/33 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
