Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WalletChan

Interact with web3 dapps using the WalletChan browser extension via Chrome CDP. Use when the user asks to connect a wallet, swap tokens, supply/deposit to De...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 49 · 0 current installs · 0 all-time installs
by Apoorv Lathey (@apoorvlathey)
Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (WalletChan browser-wallet automation) aligns with the runtime instructions: it requires Chrome with remote debugging and the WalletChan extension and describes navigating dapps, unlocking the extension, and confirming transactions. There are no unrelated binaries, installs, or credentials requested in the metadata that would be out of place for this purpose.
Instruction Scope
The SKILL.md instructs the agent to control the browser via CDP, open dapp pages, click UI elements, enter the Agent Password to unlock the wallet, and confirm or reject transactions. Those actions are within the stated purpose but grant the agent direct capability to move funds if the Agent Password is provided. The doc also references using features like 'Simulate on Tenderly' (potential external data transmission via the extension UI) — this may send transaction data to third-party services. The instructions require the user to share a secret (Agent Password) with the agent, which is expected for this capability but is high privilege and should be treated carefully.
Install Mechanism
This is instruction-only with no install spec and no code files, so nothing is written to disk by the skill itself. That minimizes supply-chain risk; the only installation step is the user installing the WalletChan extension and running Chrome with remote debugging, which the README correctly documents.
Credentials
The skill asks the user to set and share an Agent Password (a runtime secret) but declares no required environment variables or primary credential in the registry metadata. Requiring the Agent Password is proportional to the task (unlocking the extension to confirm transactions), but the skill's metadata does not reflect that a secret will be needed. The SKILL.md explicitly warns not to share the Master Password, which is appropriate.
Persistence & Privilege
The skill's always flag is false and there is no install step that modifies other skills or system config. Autonomous invocation is allowed by default (disable-model-invocation: false) — this is platform standard, but note that autonomous invocation combined with the ability to unlock and confirm transactions would give the skill significant power if the Agent Password is provided.
Assessment
This skill appears to do what it says, but it needs the user's Agent Password to unlock the wallet and confirm transactions — that effectively gives the agent the ability to move funds. Only share an Agent Password if you trust the agent invocation and will supervise every action. Never share your Master Password. Recommended precautions: (1) Use a dedicated Chrome profile/user-data-dir with only WalletChan installed; (2) run Chrome with remote-debugging only when you intend to use the skill and close it afterwards; (3) do not enable autonomous invocation for this skill unless you trust it completely—prefer manual invocation or require explicit confirmation for every transaction; (4) consider using a limited, emptied wallet or low-value test funds for initial trials; (5) ask the developer to declare the Agent Password requirement in the skill metadata so it's visible before install; (6) be cautious with features that send data externally (e.g., Tenderly simulations) — confirm whether transaction data will be transmitted and to what endpoint before using those features.


Current version: v1.0.0

SKILL.md

WalletChan — Browser Wallet Agent Skill

Control the WalletChan browser extension to interact with any web3 dapp via Chrome DevTools Protocol (CDP).

Prerequisites

  1. Chrome installed with remote debugging enabled (e.g. --remote-debugging-port=9222)
  2. WalletChan extension installed from the Chrome Web Store
  3. Agent password configured — the user must set an Agent Password in WalletChan settings before the agent can operate

⚠️ IMPORTANT — Tell the user:

  • Set an Agent Password in WalletChan settings and share it with the agent.
  • NEVER share the Master Password with ANY agent. The Master Password controls private key access. Agents must ONLY ever receive the Agent Password.
  • The Agent Password grants limited scope: unlock the wallet, review & confirm transactions. It cannot reveal or export private keys.

Setup

Launch Chrome with CDP

The user needs Chrome running with remote debugging. Example launch script:

"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
  --remote-debugging-port=9222 \
  --user-data-dir="$HOME/.walletchan-agent/chrome-profile" \
  --no-first-run \
  --no-default-browser-check

Adjust the path for the user's OS. The user-data-dir should be a dedicated profile with the WalletChan extension installed.

Get the Extension ID

  • Chrome Web Store build: kofbkhbkfhiollbhjkbebajngppmpbgc (stable)
  • Local/dev builds: ID varies — navigate to chrome://extensions/ via CDP and read it

The extension's full-tab URL is: chrome-extension://<EXTENSION_ID>/index.html

Connect via CDP

Connect to Chrome using CDP on the configured port (default 9222). All interaction happens through browser automation — navigate tabs, click elements, read page content.

Always use CDP for tab control. Chrome sidepanels are NOT accessible via CDP, so WalletChan must be used in full-tab mode (open chrome-extension://<ID>/index.html in a tab).
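An added example (not part of the WalletChan skill) of the tab discovery this section describes: it reads Chrome's CDP target list, accepts only a full-tab extension page as the wallet tab, and brings the working tab to the front. It assumes Chrome was launched with --remote-debugging-port=9222 on the local machine; the target entries are constructed samples in the shape /json/list returns.

```javascript
// Added example, not part of the WalletChan skill. Assumes Chrome was started with
// --remote-debugging-port=9222 on this machine; SAMPLE_TARGETS below is constructed
// in the shape Chrome's /json/list endpoint returns.
const CDP_HTTP = "http://127.0.0.1:9222";
const EXTENSION_ID = "kofbkhbkfhiollbhjkbebajngppmpbgc"; // Chrome Web Store build
const walletTabUrl = (id = EXTENSION_ID) => `chrome-extension://${id}/index.html`;

// Only a type "page" target at the full-tab URL is usable: the sidepanel is not
// reachable through CDP, so if no such tab exists one has to be opened.
function pickTargets(targets, dappHost, extensionId = EXTENSION_ID) {
  const pages = targets.filter((t) => t.type === "page");
  const wallet = pages.find((t) => t.url.startsWith(walletTabUrl(extensionId))) ?? null;
  const dapp = pages.find((t) => {
    try { return new URL(t.url).host === dappHost; } catch { return false; }
  }) ?? null;
  return { wallet, dapp, needsWalletTab: wallet === null };
}

// Live helpers (network; not exercised offline). /json/list enumerates targets,
// PUT /json/new?<url> opens a tab, and /json/activate/<id> brings a tab to the
// front so the user watching the browser sees what the agent is doing.
const listTargets = async () => (await fetch(`${CDP_HTTP}/json/list`)).json();
const openTab = async (url) => (await fetch(`${CDP_HTTP}/json/new?${url}`, { method: "PUT" })).json();
const activateTab = async (id) => (await fetch(`${CDP_HTTP}/json/activate/${id}`)).ok;

// Constructed sample: a dapp tab, a non-page extension target (path is illustrative),
// and the full-tab extension page the workflow needs.
const SAMPLE_TARGETS = [
  { id: "T1", type: "page", url: "https://app.aave.com/" },
  { id: "T2", type: "other", url: `chrome-extension://${EXTENSION_ID}/panel.html` },
  { id: "T3", type: "page", url: walletTabUrl() },
];

// Open the full-tab page if it is missing, then make it the visible tab.
async function ensureWalletTab(targets, dappHost) {
  const picked = pickTargets(targets ?? (await listTargets()), dappHost);
  const wallet = picked.needsWalletTab ? await openTab(walletTabUrl()) : picked.wallet;
  await activateTab(wallet.id);
  return wallet;
}
```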

Core Workflow

1. Navigate to the dapp

Open the target dapp URL in a Chrome tab (e.g. app.aave.com, app.uniswap.org).

2. Connect wallet

Click the dapp's "Connect Wallet" button and select "WalletChan" from the wallet list. Connection is instant — no popup or approval needed.

3. Interact with the dapp

Perform the intended action: enter amounts, select tokens, click "Supply", "Swap", etc. This triggers a transaction or signature request in WalletChan.

4. Switch to the extension tab

Navigate to the WalletChan tab (chrome-extension://<ID>/index.html) so the request is visible. Always switch the visible/active tab — the user can only see the active tab, so switch to whichever tab you're working on.

5. Check lock state & unlock

WalletChan has an auto-lock feature — the wallet locks after inactivity. Before confirming any request:

  1. Check if the wallet is locked (password prompt visible)
  2. If locked, enter the Agent Password and click Unlock
  3. The pending request will appear after unlocking

6. Review the request

WalletChan provides two views for each request:

  • Decoded tab — human-readable breakdown of the transaction:
    • Function name and parameters
    • Recursively decoded nested calldata (e.g. bytes params containing inner calldata)
    • Auto-resolved ENS, Basename (.base.eth), and .wei domains for addresses
    • Labels for known contract addresses
    • Unit conversion dropdowns for uint params (wei→ETH, unix timestamps, 10^6, bps, etc.)
    • Some params (like bytes) may be collapsed — expand for full detail
  • Raw tab — raw calldata/signature data for manual verification

Verify before confirming:

  • Correct function being called
  • Correct token/asset addresses
  • Correct amounts (watch decimals — e.g. USDC uses 6 decimals, so 1 USDC = 1,000,000)
  • Correct recipient/onBehalfOf address
  • Correct network
  • Gas estimation succeeded (if it shows the tx would revert, investigate before confirming)
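The checklist above as an added example (not code from the WalletChan skill): a pre-confirmation comparison of what the Decoded tab shows against what the user actually asked for, including exact base-unit conversion so decimal mistakes (1 USDC = 1,000,000) are caught. The decoded-request and intent object shapes, the sample supply call and its placeholder addresses are assumptions.

```javascript
// Added example, not part of the WalletChan skill. The decoded-request and intent
// shapes are assumptions; the agent would fill them from WalletChan's Decoded tab.

// Exact conversion of a human amount to base units ("1 USDC = 1,000,000" at 6 decimals).
// String/BigInt math avoids the float rounding that breaks 18-decimal tokens.
function toBaseUnits(amount, decimals) {
  const s = String(amount);
  if (!/^\d+(\.\d+)?$/.test(s)) throw new Error(`bad amount: ${s}`);
  const [whole, frac = ""] = s.split(".");
  if (frac.length > decimals) throw new Error(`more than ${decimals} decimal places: ${s}`);
  return BigInt(whole + frac.padEnd(decimals, "0"));
}

const sameAddress = (a, b) => String(a).toLowerCase() === String(b).toLowerCase();

// Compare what WalletChan decoded against the user's intent. Returns the list of
// mismatches; the agent confirms only when it is empty, otherwise rejects and
// reports the problems to the user.
function checkRequest(decoded, intent) {
  const problems = [];
  const p = decoded.params;
  if (decoded.chainId !== intent.chainId) problems.push(`network ${decoded.chainId}, expected ${intent.chainId}`);
  if (decoded.function !== intent.function) problems.push(`function ${decoded.function}, expected ${intent.function}`);
  if (!sameAddress(p.asset, intent.token.address)) problems.push(`asset ${p.asset} is not ${intent.token.symbol}`);
  const want = toBaseUnits(intent.amount, intent.token.decimals);
  if (BigInt(p.amount) !== want) problems.push(`amount ${p.amount} base units, expected ${want}`);
  if (!sameAddress(p.onBehalfOf, intent.recipient)) problems.push(`onBehalfOf ${p.onBehalfOf} is not the user`);
  if (!decoded.gasEstimateOk) problems.push("gas estimation failed: the tx would likely revert");
  return problems;
}

// Constructed sample: an Aave-style supply(asset, amount, onBehalfOf, referralCode)
// call for 1.5 USDC. Addresses are placeholders, not real contracts or accounts.
const USDC = { symbol: "USDC", address: "0x" + "a".repeat(40), decimals: 6 };
const USER = "0x" + "b".repeat(40);
const SAMPLE_INTENT = { chainId: 1, function: "supply", token: USDC, amount: "1.5", recipient: USER };
const SAMPLE_DECODED = {
  chainId: 1,
  function: "supply",
  // asset is uppercased to show the comparison is case-insensitive
  params: { asset: "0x" + "A".repeat(40), amount: "1500000", onBehalfOf: USER, referralCode: 0 },
  gasEstimateOk: true,
};

console.log(checkRequest(SAMPLE_DECODED, SAMPLE_INTENT)); // [] means everything matches
```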

7. Confirm or reject

  • Confirm if everything matches the intended action
  • Reject if anything looks wrong, and inform the user
  • Ask the user if uncertain about any detail

8. Switch back & verify

After confirming, switch back to the dapp tab and verify the result:

  • Success toast/notification
  • Updated balances or positions
  • Transaction hash (link to block explorer if available)

Never assume success — always check actual state changes on the dapp.

Gotchas

  • Auto-lock is real. The wallet locks after inactivity. Always check lock state before attempting to confirm a transaction. If you get an "Invalid Password" error, the wallet may have locked between actions — just unlock again.
  • Full-tab mode only. Chrome sidepanels are not accessible via CDP. Always open the extension URL in a regular tab.
  • Always switch the active tab. The user monitors progress by watching the browser. If you're working in a background tab, the user sees nothing. Switch to the tab you're interacting with.
  • Decimals vary by token. ETH/WETH = 18 decimals, USDC/USDT = 6 decimals, DAI = 18. Always verify amounts accounting for the token's decimals.
  • Gas estimation failure = likely revert. If WalletChan shows the transaction would revert, do NOT confirm. Investigate the cause first.
  • Tenderly simulation — WalletChan has a "Simulate on Tenderly" button on the request page. Only use it when: the user asks for a simulation, the tx shows it would revert (to debug why), or something looks off and needs verification before broadcasting.
