Walletconnect Requester
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is a coherent non-custodial WalletConnect requester, but it can prompt real wallet transactions/signatures and its “funds are safe” messaging is too absolute.
Install only if you understand WalletConnect prompts and are comfortable with an AI agent initiating transaction or signature requests. Use a dedicated low-value wallet, review every prompt carefully, protect the local session directory, and disconnect sessions when done.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may approve a wallet prompt believing the skill cannot put funds at risk, when an approved malicious transaction or signature can still cause loss or unwanted permissions.
The skill correctly avoids private-key custody, but the absolute 'funds are safe' framing underplays the residual risk that a compromised or mistaken agent can request malicious transactions or signatures that the user may approve.
Attacker CAN ONLY:
- Request transactions (user must approve)
- Request signatures (user must approve)
...
Result: FUNDS ARE SAFE
Treat every wallet prompt as high risk. Use a dedicated wallet, inspect recipient/amount/contract/function data, reject anything unexpected, and disconnect sessions when finished.
The agent can cause wallet approval prompts for transactions whose details may be complex or hard to understand.
The script can request arbitrary transaction targets, data, and values through WalletConnect. This is central to the skill's purpose and requires wallet approval, but it is still a broad financial action surface.
const tx = {
  from: accountAddress,
  to: to,
  data: data || '0x',
  value: value || '0x0'
};
...
method: 'eth_sendTransaction',
params: [tx]

Only approve requests you initiated or fully understand; verify chain, recipient, amount, and contract call details in the wallet before approving.
Anyone with effective access to an active session may be able to generate transaction or signature prompts for the connected wallet.
WalletConnect sessions delegate authority to request wallet actions. The artifact discloses this, and private keys are not handled, but the session capability is still sensitive.
Session tokens grant transaction request capability - protect accordingly
Keep the local session directory private, disconnect sessions after use, and reject unexpected wallet prompts.
Local files may reveal wallet interaction history and may support continued wallet request capability while sessions are active.
The skill stores active session metadata and audit history locally for reuse. This is disclosed and purpose-aligned, but it creates persistent state that should not be casually shared.
persistence:
  path: ~/.walletconnect-requester/
  files:
    - sessions.json: Active WalletConnect sessions
    - audit.log: Transaction audit log (masked sensitive data)

Review and protect ~/.walletconnect-requester/, avoid sharing audit logs without checking them, and delete or disconnect sessions when no longer needed.
A future dependency update could change behavior unless the user pins or locks installed versions.
The skill depends on external npm packages with caret version ranges. This is normal for a Node-based WalletConnect tool, but versions are not locked in the provided artifacts.
"dependencies": {
  "@walletconnect/sign-client": "^2.13.0",
  "@walletconnect/core": "^2.13.0",
  "qrcode": "^1.5.3"
}

Install from a trusted npm registry, consider using a lockfile or pinned versions, and review dependency updates before using the skill with valuable wallets.
