Walletconnect Requester
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent WalletConnect helper, but it lets an AI agent prompt your wallet for broad transaction/signature actions and its safety claims are stronger than the artifacts support.
Install only if you intentionally want an AI agent to initiate WalletConnect wallet prompts. Do not treat it as risk-free: review every wallet approval carefully, use a dedicated low-value wallet, restrict requested methods/chains where possible, and disconnect sessions after use.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could prompt your wallet to approve a transfer, contract call, or permission change; if you approve it, the on-chain effect may be irreversible.
The code passes caller-selected WalletConnect methods and arbitrary transaction fields into wallet requests. User wallet approval is required, but the supplied artifacts do not show in-skill allowlists, limits, decoded contract-call review, or other containment.
const methods = options.methods || ['eth_sendTransaction', 'personal_sign']; ... const tx = { from: accountAddress, to: to, data: data || '0x', value: value || '0x0' }; ... method: 'eth_sendTransaction', params: [tx]
Use only with a dedicated wallet or low-risk account, carefully inspect every wallet prompt, restrict chains/methods where possible, and prefer adding allowlists, spending limits, transaction decoding, and rate limiting before using it for valuable assets.
A still-active session may let the agent keep requesting wallet actions until the session expires or is disconnected.
The skill explicitly persists active WalletConnect session data and acknowledges that session tokens grant transaction request capability.
persistence:
  path: ~/.walletconnect-requester/
  files:
    - sessions.json: Active WalletConnect sessions
...
- Session tokens grant transaction request capability - protect accordingly
Protect the session directory, disconnect sessions when finished, use a dedicated wallet for agent interactions, and avoid sharing logs or session files.
Users may be less cautious with wallet prompts because the documentation implies funds are safe merely because private keys are not stored by the agent.
The documentation makes categorical safety claims even though the skill can still request transactions and signatures that may be harmful if the user approves them.
Attacker obtains session token ... Attacker can only:
 - Request transactions ...
Result: FUNDS ARE SAFE
Treat this as non-custodial, not risk-free. The documentation should clearly warn that approving malicious transactions or signatures can still cause asset loss or account compromise.
Future installs could resolve to different dependency versions than the reviewed package expected.
The skill relies on npm packages with floating caret ranges, and the supplied artifacts do not include a lockfile or provenance details.
"dependencies": { "@walletconnect/sign-client": "^2.13.0", "@walletconnect/core": "^2.13.0", "qrcode": "^1.5.3" }
Pin dependency versions, include a lockfile, and install from trusted package sources.
