Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agnic
v1.0.0 · Complete AI agent wallet with payments, trading, email, and on-chain identity. Use when the user wants to manage their agent's wallet, make payments, trade t...
⭐ 0· 57·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Verdict: Suspicious (medium confidence)

Purpose & Capability
The name and description match the SKILL.md: it provides wallet, payments, trading, email, identity, and an AI gateway. Those capabilities legitimately require network access, auth flows, and signing operations. However, the skill does not declare any credentials or configuration, even though those capabilities normally require API keys or private signing material.
Instruction Scope
SKILL.md instructs the agent to run npx agnic@latest commands that perform OAuth, send email, make payments, execute trades, and chat with external AI models. Those are high-impact, real-world actions. The instructions contain no explicit safety checks, confirmation prompts, or limits and do not explain where credentials come from (local keys, prompts, or external services). The workflow encourages automatic signup/payment flows and emailing results, which could cause unintended transactions or data exfiltration.
Install Mechanism
No install spec is provided, but the allowed-tools and SKILL.md direct runtime use of `npx agnic@latest`, which fetches and executes code from the npm registry on demand. Running unpinned `@latest` packages via npx is a significant runtime code-fetch risk (no provenance/integrity guarantees or pinned version). The skill could execute arbitrary code fetched at runtime.
Credentials
The skill declares no required environment variables or credentials, yet the documented commands imply the need for OAuth tokens, wallet keys, payment signing, and AI provider API keys. The absence of declared credentials is a mismatch: the agent or the npx package will need to obtain/store secrets somehow (browser OAuth, local credential stores, or interactive prompts), which increases the chance of unexpected credential access or exfiltration.
Persistence & Privilege
`always` is false, but `disable-model-invocation` is also false, so the agent may invoke the skill autonomously, without an explicit user request. Combined with the ability to make payments, trade tokens, and send email, autonomous invocation increases the blast radius. The skill also runs remote code (via npx); if invoked autonomously, this could lead to unapproved transactions or data leakage.
What to consider before installing
This skill will run `npx agnic@latest` commands at runtime to perform real-world wallet, payment, trading, and email actions. Before installing or enabling it:

1. Treat it as high-risk: it may request or use credentials and can execute arbitrary npm code.
2. Prefer a vetted, pinned package version (avoid `@latest`) and inspect the npm package source before allowing execution.
3. Require explicit interactive confirmations for any transaction or email send, or disable autonomous invocation.
4. Test in a sandbox with a throwaway wallet and minimal funds.
5. Consider restricting network/execution permissions, or run the agent where npx cannot fetch remote code.
6. If you lack the ability to audit the npm package, decline installation or only use a version published by a known, trusted maintainer.

Like a lobster shell, security has layers — review code before you run it.
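The Install Mechanism finding and recommendation (2) above both come down to one mechanical check: does any command the skill tells the agent to run fetch an unpinned package through npx? The following script is an added example, not part of the Agnic skill, ClawHub, or the OpenClaw scanner. It scans SKILL.md text for `npx <spec>` invocations and flags specs that resolve to whatever the registry currently serves (`@latest`, another dist-tag, a semver range, or no version at all), accepting only exact `x.y.z` pins. The SKILL.md content it scans is constructed for the example; the real skill's file is not reproduced here.

```python
"""Lint SKILL.md text for npx invocations that are not pinned to an exact version.

Added example (not the Agnic skill's or ClawHub's own code). A spec such as
`agnic@latest`, `agnic@^1.0.0`, or a bare `agnic` makes npx download and execute
whatever the npm registry resolves at run time; only an exact semver pin names a
specific artifact.
"""
import re
from dataclasses import dataclass

# "npx <spec>" where <spec> runs to the next whitespace or backtick.
NPX_RE = re.compile(r"\bnpx\s+([^\s`]+)")
# Exact semver, optionally with pre-release/build metadata (1.0.0, 1.1.0-beta.2).
EXACT_SEMVER_RE = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.+-]+)?$")

# Constructed sample SKILL.md text; it is not the real Agnic SKILL.md.
SAMPLE_SKILL_MD = """\
# Agnic skill (constructed sample, not the real SKILL.md)
Run `npx agnic@latest login` to start the OAuth flow.
Send mail with: npx agnic@latest email send --to someone
Pinned forms: npx agnic@1.0.0 pay --amount 1 ; npx agnic@1.1.0-beta.2 trade
Also: npx some-tool doctor && npx @scope/cli@^2.0.0 run
"""


@dataclass(frozen=True)
class Finding:
    line: int
    reason: str  # "no-version" or "unpinned-tag-or-range"
    spec: str


def classify(spec: str) -> str:
    """Return "pinned", "no-version", or "unpinned-tag-or-range" for an npx package spec."""
    # Drop a leading scope marker (@scope/name) so the only '@' left, if any,
    # separates the package name from its version or dist-tag.
    body = spec[1:] if spec.startswith("@") else spec
    if "@" not in body:
        return "no-version"  # resolves to the "latest" dist-tag implicitly
    version = body.rsplit("@", 1)[1]
    if EXACT_SEMVER_RE.match(version):
        return "pinned"
    return "unpinned-tag-or-range"  # e.g. @latest, @next, @^2.0.0, @~1


def find_unpinned_npx(text: str) -> list:
    """Return one Finding per npx invocation in `text` that is not exactly pinned."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in NPX_RE.finditer(line):
            spec = match.group(1)
            reason = classify(spec)
            if reason != "pinned":
                findings.append(Finding(lineno, reason, spec))
    return findings


if __name__ == "__main__":
    for f in find_unpinned_npx(SAMPLE_SKILL_MD):
        print(f"line {f.line}: {f.reason}: {f.spec}")
```

A clean result from this check is necessary but not sufficient: an exact pin tells you which published version will run, but it does not by itself verify that the tarball you receive matches what you audited. Inspecting the pinned package's source before allowing execution, as recommendation (2) says, is still required.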
latest · vk97fctscjetjj4nrmnhf9ttp2984d54a
