WalletPilot
WarnAudited by ClawScan on May 10, 2026.
Overview
WalletPilot asks an AI agent to operate crypto wallets and spend or sign assets, but the supplied package contains only instructions and no verifiable guardrail implementation.
Only consider this skill if you can inspect the complete source and guardrail implementation. Do not use a main wallet or import an existing seed phrase; if testing, use an isolated browser profile with a disposable wallet, minimal funds, and manual review for every transaction and signature.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overbroad agent action could swap assets, send tokens to the wrong address, or sign a harmful message.
The skill explicitly exposes AI-driven wallet actions that can move funds or create binding signatures. These are high-impact operations and the artifacts do not show an enforceable approval or guardrail implementation.
`swap <amount> <token-in> for <token-out>` ... `send <amount> <token> to <address>` ... `sign <message>` Signs an arbitrary message.
Use only a disposable, low-balance wallet and require manual review of every transaction and signature unless you have audited the guardrail code.
Funds in the agent wallet and any permissions granted by that wallet could be used by the automation in later tasks.
The skill requires a persistent browser wallet profile with signing and spending authority. That is delegated financial privilege, even if the wallet is separate from the user's main wallet.
Create a NEW wallet (fresh seed phrase) ... The profile is saved for future automation ... Transfer a small amount to your agent wallet
Never import a main wallet seed phrase, keep balances minimal, verify where the browser profile is stored, and revoke or delete the profile when finished.
A user may end up running or trusting external/local code that was not part of the reviewed artifact set.
The package does not include the implementation it describes, while SKILL.md depends on npm scripts, Playwright setup, config files, and source files. For a crypto-wallet automation tool, relying on unprovided or unknown code is a material provenance gap.
Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill ... No code files present
Do not run the npm setup or fund a wallet until the complete source, package manifest, lockfile, and guardrail implementation are available and reviewed.
Users may over-trust spend limits, protocol allowlists, or revocation controls that are only documented, not verifiable from the package.
The documentation makes strong safety claims, but the supplied artifacts contain no code or config files proving those controls exist or are enforced.
Spend Caps: Hard limits prevent runaway spending ... Protocol Allowlist: Only whitelisted contracts can be called ... Revocation: Set `"revoked": true` to disable all actions
Treat the guardrails as unverified claims until you can inspect and test the implementation, especially before adding funds.
Wallet activity history may persist locally and could reveal financial behavior if the logs are exposed.
Transaction logging is purpose-aligned, but wallet history can be sensitive and the artifacts do not specify log location, retention, or access controls.
Full Logging: Every transaction is logged ... `history [count]` Shows recent agent transactions.
Check where logs are stored, restrict access to them, and clear them when they are no longer needed.