Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI Walllet Payment System
v0.1.0Manage Ethereum wallets with encrypted keys, TOTP 2FA, secure ETH transactions, audit logs, and rate limiting for AI-driven payment processing.
⭐ 0· 656·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name and description claim Ethereum wallet and payment capabilities which align with the included Python code and SKILL.md instructions. However the registry metadata declares no required environment variables/credentials while SKILL.md explicitly requires WEB3_PROVIDER_URL (Infura) and a backup encryption key — a clear mismatch between what the skill says it needs and what the registry advertises. The repository URL is provided in SKILL.md but the skill's registry 'Source' is 'unknown', which reduces trust.
Instruction Scope
The runtime instructions tell an operator to clone an external GitHub repo and pip-install and run unverified Python code that will create and manage private keys and perform transactions. That code will prompt for master passwords and output 2FA secrets and backup codes to the terminal in demos — behaviour that is expected for a wallet but is high-risk if the code or environment is malicious or misconfigured. The SKILL.md also asks the user to generate/store a BACKUP_ENCRYPTION_KEY_FINGERPRINT and to provide an Infura URL; these are sensitive operations that must be handled carefully. The instructions do not document telemetry, network endpoints beyond Infura, or explicit data exfiltration controls.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md requires cloning from https://github.com/cerbug45/AI-Wallet-Payment-System and installing packages via pip. Pulling and running code from an unverified third‑party GitHub repo is higher risk than using vetted packages; the skill includes a large Python file that will be executed locally. The repository owner and registry owner/metadata do not obviously match, and there is no signed release or known trusted distribution channel.
Credentials
The registry lists no required environment variables or primary credential, yet SKILL.md requires WEB3_PROVIDER_URL (Infura project ID) and a BACKUP_ENCRYPTION_KEY_FINGERPRINT, plus optional DATABASE_PATH and rate-limit settings. For a wallet/payment skill the Infura URL and backup key are reasonable, but the omission from registry metadata is a poor practice and limits the platform's ability to warn users. The included code header also declares mandatory HSM and many advanced hardware/security integrations that are either contradictory with the README (which says many advanced features are not implemented) or impossible without additional environment/configuration — another mismatch.
Persistence & Privilege
The skill is not marked always:true and does not request system-level persistence via the registry. There is no evidence in the SKILL.md that it will modify other skills or global agent config. That said, it instructs the user to place sensitive keys in environment files and to run code locally; the skill could persist data to locally created encrypted DB files (expected for a wallet) but that is within the normal scope for this functionality.
What to consider before installing
This skill implements an Ethereum wallet/payment system but has several red flags you should address before using it with real funds or secrets: (1) Source and distribution: SKILL.md instructs you to clone and run code from an unverified GitHub repo (cerbug45) — prefer signed releases or vetted packages. (2) Metadata mismatch: the registry claims no required env vars, but the instructions need an Infura provider URL and a generated backup encryption key; verify required variables in the registry and platform UI. (3) Sensitive operations: the code will handle private keys, create TOTP secrets and backup codes, and can send transactions — only run in an isolated/sandboxed environment, and never on mainnet with real funds until audited. (4) Grand claims: the Python file header lists dozens of advanced hardware and cryptographic protections that the README admits are not implemented; treat these as marketing, not guarantees. Recommended next steps: a) do NOT supply production keys or real ETH — use ephemeral keys and a testnet provider; b) request the full repository history and a reproducible build or signed release; c) audit the Python code (or have a security professional do so) focusing on any network calls, telemetry, or hidden endpoints; d) run the code in an isolated VM/container and monitor outbound connections before trusting it; e) prefer alternatives that declare required env vars/credentials in registry metadata and come from verified authors. If you want, I can: list specific files/lines to inspect for exfiltration, summarize the Python file's network/IO behavior, or suggest safer vetted wallet libraries and integration patterns.Like a lobster shell, security has layers — review code before you run it.
latestvk97cfm9xbm2ep0q58d30eksr95817ctf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.