AI Wallet Payment System

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This skill is not clearly malicious, but it can manage real crypto wallet secrets and send irreversible Ethereum payments while its security claims and operational boundaries are not tight enough.

Do not install this for real funds based only on the published skill. If you test it, use a new testnet or low-balance wallet, verify the GitHub source and dependencies, keep secrets outside the agent whenever possible, and require manual approval for every payment.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

If configured with a funded wallet, an agent mistake or misuse could send real ETH to the wrong address, and blockchain transactions are generally irreversible.

Why it was flagged

The skill is explicitly intended for AI-driven automated payments and demonstrates sending ETH on mainnet. Even with TOTP and rate limiting, the provided artifacts do not show strong transaction policy boundaries such as mandatory human confirmation, spend limits, or recipient allowlists.

Skill content
Use Cases: - AI agents that need to make automated payments ... WEB3_PROVIDER_URL=https://mainnet.infura.io/v3/YOUR_INFURA_PROJECT_ID ... api.send_transaction(... amount_eth=0.001, totp_code=totp_code)
Recommendation

Use only testnet or a dedicated low-balance wallet unless the code has been independently audited. Require explicit human confirmation for recipient, amount, and network before every transaction.

What this means

Anyone or anything that gains access to the master password, database, MFA secret, backup codes, or decrypted private key could potentially control wallet funds.

Why it was flagged

The skill handles private keys, wallet recovery factors, and transaction authority. That is purpose-aligned for a crypto wallet, but it is highly sensitive account authority.

Skill content
Creates and manages Ethereum wallets ... Encrypts private keys ... Send ETH with Web3.py integration ... print(f"MFA Secret: {result['mfa_secret']}") ... print(f"Save these backup codes: {result['backup_codes']}")
Recommendation

Use a fresh wallet, small balances, offline backups, and a password manager. Do not expose TOTP secrets or backup codes to an autonomous agent unless you fully understand the risk.

What this means

A user may place real funds in a system believing it has stronger protections than it actually implements.

Why it was flagged

For software that may protect real cryptocurrency funds, overstated or contradictory security claims can lead users to trust it more than the artifacts justify.

Skill content
What It Claims vs Reality: The code header lists 500+ security features. In reality, it implements a subset of core security practices. Many advanced features (HSM, quantum cryptography, TPM, etc.) are mentioned but not actually implemented.
Recommendation

Treat this as experimental until independently audited. Remove or ignore exaggerated security claims, and verify the actual implemented controls before use with real assets.

What this means

Users could accidentally run a different or changed upstream version if they follow the clone instructions without verifying the repository and commit.

Why it was flagged

The installation path relies on cloning and running code from an external GitHub repository and installing dependencies. This is common for a Python project, but the registry source/homepage are not populated and there is no install spec.

Skill content
git clone https://github.com/cerbug45/AI-Wallet-Payment-System.git ... pip install -r requirements.txt
Recommendation

Review the repository, pin a specific commit, install in a virtual environment, and avoid using real wallet funds until provenance and code integrity are verified.