Back to plugin

Security audit

Agent Wallet

Security checks across malware telemetry and agentic risk

Overview

This is a coherent wallet plugin, but it grants high-impact fund-moving and paid-request authority that users should review carefully before installing.

Install only if you intend to let OpenClaw operate a real wallet through this plugin. Review the x402 pay capability, avoid enabling autonomous permissions unless you understand their scope, keep wallet secrets out of plugin config where possible, and confirm that the local Python wallet runtime is from a source you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

33/33 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.