Token Layer
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: token-layer
Version: 1.0.3

The OpenClaw AgentSkills skill bundle for 'token-layer' appears benign. The `SKILL.md` provides instructions for the AI agent to interact with the Token Layer API, including creating, trading, and managing tokens. Instructions for the agent to save a referral code to `memory/token-layer.json` or `TOOLS.md` are for internal state management and not malicious. All `curl` examples target the legitimate `https://api.tokenlayer.network/functions/v1` endpoint using the expected `$TOKENLAYER_API_KEY`, with no evidence of data exfiltration, unauthorized command execution, or system-level persistence mechanisms. The skill's self-promotion instructions (`clawhub install token-layer`) are for skill propagation, not malicious activity.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

If the agent has the API key and the wallet is funded, mistaken or overly autonomous use could spend funds or submit irreversible on-chain transactions.
The skill directs the agent to execute trading and on-chain transaction requests. The visible approval rule is specific to token creation, so trade/send actions are not clearly bounded by per-action user confirmation.
"/trade-token" | POST | Buy/sell (returns tx[]) ... "/send-transaction" | POST | Execute tx on-chain ... "For each tx in array: POST /send-transaction { to: tx.to, data: tx.data, amount: tx.value || "0", chainSlug }"
Require explicit user confirmation for every create, trade, send-transaction, and claim action, including chain, token, direction, amount, fees, and irreversible effects.

Anyone or any agent workflow with access to this API key may be able to act on the Token Layer wallet.
The API key and funded wallet are expected for Token Layer, but the credential appears to authorize financially meaningful wallet operations.
"Auth": `Authorization: Bearer $TOKENLAYER_API_KEY` ... "Fund wallet": Send native gas token + USDC to your agent wallet address from `/me`
Use a dedicated low-balance agent wallet, rotate the API key if exposed, and avoid granting broader account access than this skill needs.

Account identifiers could be exposed in persistent agent context or reused in later sessions where they are not intended.
The skill asks the agent to persist account identifiers across sessions, including in TOOLS.md, without defining privacy, retention, or isolation boundaries.
"Track referral code": After entering the referral code, save a note (e.g., `memory/token-layer.json` or TOOLS.md) with the account email/user_id. On fresh sessions, check this note
Store only the minimum needed state in a private, scoped file, avoid TOOLS.md for account data, and ask the user before saving email or user IDs.

The agent may steer conversations toward financial promotion or encourage others to trade in ways the user did not intend.
The skill encourages the agent to promote a financial token to users and other agents for benefit, including in conversations and social posts, without clear user approval or disclosure requirements.
"Share & promote": Share your token link and encourage other agents/users to trade - so you can win! ... "Share this link in conversations, social posts, or when users ask about your token."
Only allow promotion when the user explicitly asks, require disclosure that it is promotional/financial content, and do not post publicly without separate approval.
