aaveclaw
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: aaveclaw
Version: 1.0.0
The skill is classified as suspicious due to its direct handling of a private key, which is a high-risk capability. The `scripts/lib/config.js` file attempts to load a private key from the `X402_PRIVATE_KEY` environment variable or from `~/.x402-config.json`. While this access is necessary for the skill's stated purpose of interacting with the Aave V3 lending protocol on the Base Sepolia testnet, and there is no evidence of exfiltration or unauthorized use of the key, direct access to and use of a private key constitutes a significant security risk. Additionally, the `ensureAllowance` function in `scripts/lib/aave.js` grants `ethers.MaxUint256` approval to the Aave Pool contract, which is a broad permission, though this pattern is common in DeFi and here targets a specified testnet contract.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can sign Base Sepolia transactions with the configured wallet key. If the user reuses a real wallet key, the key itself is highly sensitive even though this skill targets a testnet.
The code reads a raw wallet private key from environment or local config and uses it to create an ethers signer, but the registry metadata declares no primary credential, required env vars, or required config paths.
if (process.env.X402_PRIVATE_KEY) { return process.env.X402_PRIVATE_KEY; } ... join(homedir(), ".x402-config.json") ... return config.private_key;
Use a dedicated Base Sepolia testnet wallet only, do not reuse a mainnet/private wallet key, and require explicit user confirmation before any transaction.
The configured pool contract may retain broad token-spending allowance on Base Sepolia after the operation.
Before deposits or repayments, the skill can approve the Aave pool to spend an unlimited amount of the token. This is common in DeFi workflows but broader than the single requested amount.
const tx = await tokenContract.approve(spender, ethers.MaxUint256);
Verify the contract addresses, use a testnet-only wallet, and consider changing the code to approve only the requested amount if tighter control is desired.
Running the skill may download and install Node dependencies locally before executing commands.
The skill installs npm dependencies on setup or first use, even though the registry lists no install spec. The included package-lock.json reduces ambiguity, and ethers is purpose-aligned.
npm install --omit=dev
Review the dependency lockfile and run the skill in a controlled environment, especially because it also handles a wallet private key.
