WalletPilot 7715
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
WalletPilot is clear that it automates crypto transactions, but it can let an agent spend or trade from a wallet after a single permission grant.
Install only if you trust WalletPilot and understand ERC-7715 delegated permissions. Use a separate low-balance wallet, set very small spend limits, short expirations, chain and contract allowlists, verify each transaction manually, and revoke permissions after the task.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could execute unintended swaps, transfers, or contract calls within the granted limits, potentially causing financial loss.
The skill intentionally enables autonomous transaction execution after an initial permission grant. Because on-chain transactions can move funds irreversibly, the lack of required per-transaction confirmation or validation is a material control concern.
Users grant scoped permissions ... once, then agents can execute freely within those limits.
Require explicit user confirmation before every transaction, use simulations, verify recipients/contracts, enforce slippage limits, and prefer narrow contract allowlists and very small spending caps.
If permissions are too broad or last too long, the agent may be able to spend more than the user intended.
The skill uses delegated MetaMask/ERC-7715 wallet permissions and API credentials to let the agent spend within user-approved limits. This is purpose-aligned and disclosed, but it is still sensitive financial authority.
Request wallet permissions from user ... .spend('USDC', '500', 'day') ... .expiry('7d')Grant the smallest possible spend limits, chain scope, contract scope, and expiry; use a separate low-balance wallet; and revoke permissions immediately after use.
A compromised or unexpected SDK version could affect wallet transaction behavior.
The skill depends on an external npm SDK that is not pinned and is not included in the reviewed artifacts. Because that SDK mediates wallet permission and transaction execution, provenance matters.
Install the SDK: `npm install @walletpilot/sdk`
Verify the SDK source, pin a trusted version, review the package and documentation, and install only from a trusted environment.
The provider may see wallet activity metadata, permission identifiers, and transaction requests.
Transaction execution, history requests, and API credentials are sent to WalletPilot’s external API. This is disclosed and purpose-aligned, but the artifacts do not describe retention or privacy boundaries.
Base URL: `https://api.walletpilot.xyz` ... `/v1/tx/execute` ... headers: { 'Authorization': 'Bearer wp_...' }Treat API keys and permission IDs as sensitive, review the provider’s privacy/security practices, and rotate or revoke credentials if no longer needed.