ClawHub

Wallet Guard

v1.0.0

Wallet anti-theft guard. One-click scan for high-risk wallet approvals to protect user assets. Use when a user asks for a wallet security check, wallet healt...

0· 42·0 current·0 all-time
by@bevanding
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md describes a wallet approval risk scanner that queries the public GoPlus Security v2 API and gives revoke guidance — this aligns with the skill name/description. Minor inconsistency: the registry metadata lists no required binaries, but SKILL.md declares 'requires: [curl]'. Requiring curl for an HTTP GET is reasonable for the described purpose, but the registry should list it.
Instruction Scope
Runtime instructions are narrowly scoped: validate an Ethereum mainnet address, call a single unauthenticated GoPlus endpoint, parse and defensively check the JSON response, and provide user-facing analysis and fallback guidance. The instructions do not ask to read local files, access unrelated environment variables, or exfiltrate secrets.
Install Mechanism
This is an instruction-only skill (no install spec, no code to fetch). That minimizes installation risk. The only runtime requirement is a network-capable curl binary (declared in SKILL.md but not in registry).
Credentials
The skill requires no credentials, keys, or config paths. It calls a public, unauthenticated API; this is proportional to a read-only approval scan. There are no requests for unrelated secrets or broad environment access.
Persistence & Privilege
The skill is not forced always-on and is user-invocable. It does not request persistent system privileges or attempt to modify other skills or system-wide settings.
Assessment
This skill is an instruction-only scanner that sends the provided Ethereum address to the public GoPlus v2 approval-risk endpoint via curl and returns an analysis; it does not require API keys or access to your secrets. Before installing, note: (1) the registry metadata omits the 'curl' requirement that SKILL.md lists — ensure your environment provides curl or the agent can make HTTPS requests; (2) the skill will transmit wallet addresses to a third-party public API (addresses are on-chain but may still be privacy-sensitive); (3) never supply private keys or seed phrases — this skill does not need them; (4) the skill has no local install/persistence and relies on the external API, so scans fail if that API is unavailable or rate-limited. If you need offline or multi-chain scanning, or you require guarantees about where data is sent, consider a different tool or requesting source code before trusting results.

Like a lobster shell, security has layers — review code before you run it.

latestvk975geygpj7gtam12fkt4nkbm183xmdr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments