Nano (XNO)
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: nano
Version: 3.2.0
The 'nano' skill bundle is a legitimate tool for managing Nano (XNO) cryptocurrency operations. It provides structured instructions for an AI agent to use the 'xno-skills' CLI and MCP server, emphasizing security best practices such as forbidding the handling of private keys or mnemonics within the agent's context and delegating sensitive wallet lifecycle tasks to the Open Wallet Standard (OWS). The skill uses versioned dependencies (xno-skills@3.2.0) and known public RPC endpoints (e.g., rainstorm.city), with no evidence of malicious intent, data exfiltration, or prompt-injection attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could broadcast wallet actions, including fund transfers if a send workflow is invoked, without the user seeing a clear approval boundary in the reviewed artifacts.
The skill grants tools that can sign and broadcast Nano wallet transactions and instructs at least one wallet-mutating action to happen proactively. For irreversible cryptocurrency operations, the provided artifacts should clearly require explicit user confirmation and scope checks.
wallet_send ... They handle signing, PoW, and broadcast automatically via OWS. ... If you see pending funds during any balance check, call wallet_receive immediately. Do not wait for the user to ask.
Require an explicit final confirmation before any send, representative change, prepared-block submission, or other broadcast, including wallet name, recipient, amount, block hash/subtype, and destination address.
If a user pastes a Nano private key into this command, it could be exposed to the agent, shell history, process lists, logs, or an unreviewed runtime package, enabling loss of funds.
The reference documents a signing command that accepts a raw private key on the command line. That is sensitive wallet authority and conflicts with the safer OWS-mediated model described in SKILL.md where the agent should not see private keys.
Usage: cli sign [options] <message> ... -k, --key <hex> Private key in hex
Do not paste wallet private keys into this skill. The publisher should route signing through OWS or a secure prompt, remove raw-key command guidance for wallet keys, and declare credential handling clearly.
A changed, compromised, or wrong npm package version could receive wallet-operation authority even though no package code was included in this review.
The skill is instruction-only but directs runtime execution of an npm package, and its own version guidance is inconsistent. Runtime-fetched wallet tooling is a material supply-chain risk because that package performs signing and broadcasting.
npx -y -p xno-skills@3.2.0 -- mcp ... Always use one of the above forms with @latest
Pin one exact reviewed package version everywhere, avoid @latest/unversioned examples, publish an install spec and provenance details, and make clear that the runtime npm package was not part of the static scan.
Wallet names, balances, account state, and pending-block details may become visible to the agent during Nano tasks.
The MCP integration can expose wallet/account state into the agent context as resources. This is purpose-aligned for a wallet skill, but it is sensitive financial data and should be scoped to trusted wallets and sessions.
MCP Resources (passive reads, no tool call needed): wallet://{name} — wallet summary and primary account state; wallet://{name}/account/{index} — pending blocks and details
Use this only with a trusted MCP server and wallet store, and avoid exposing wallets or accounts that are not needed for the current task.
