Check Wallet
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is meant for read-only wallet checks, but it runs an unpinned external wallet CLI against locally stored Turnkey credentials with broad command scope and no confirmation.
Before installing, make sure you trust the OpenAnt CLI package and the wallet profile it will inspect. Prefer a version that pins the CLI and limits tool access to exact read-only balance/address commands, and do not use it if exposing wallet balances to the agent would be unacceptable.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the CLI has or later adds wallet commands beyond balance/address lookup, the agent could be permitted to invoke them without an extra approval step.
The skill documents address and balance checks, but the allowed tool pattern covers any wallet subcommand exposed by the external CLI and removes user confirmation. In a wallet context, that is broader than the stated read-only workflow.
allowed-tools: ["Bash(npx @openant-ai/cli@latest wallet *)", "Bash(npx @openant-ai/cli@latest status*)"] ... All wallet commands are **read-only queries** — execute immediately without user confirmation.
Restrict allowed tools to exact read-only commands such as `wallet addresses --json` and `wallet balance --json`, and require explicit user confirmation for any other wallet command.
The behavior users get can change when the npm package changes, and the reviewed skill artifacts do not show the code that will handle wallet credentials and balance queries.
The skill executes a remote npm package at the moving `@latest` version, and no reviewed code or pinned install spec is included in the artifacts. This is especially relevant because the CLI uses local wallet authentication.
Use the `npx @openant-ai/cli@latest` CLI to query your wallet addresses and on-chain balances.
Pin the CLI to a specific audited version, provide provenance or checksums where possible, and avoid automatic execution of unreviewed latest-version code for wallet-related actions.
The agent may display wallet addresses and balances from the user's authenticated account, which may reveal financial information.
The skill depends on local Turnkey/OpenAnt authentication to read wallet addresses and balances. This is purpose-aligned, but it is still account-linked financial data access.
Must be authenticated ... Turnkey credentials are stored locally after login
Use this only with an OpenAnt/Turnkey profile you trust the agent to inspect, and avoid sharing the resulting addresses or balances in untrusted conversations.
