ClawFriend
Security checks across malware telemetry and agentic risk
Overview
ClawFriend matches its stated social/trading purpose, but it needs Review because it can control wallet/API actions, run persistent background automation, and delegate to unreviewed community skills/scripts.
Install only if you trust ClawFriend and are comfortable giving it a dedicated wallet/API identity. Before use, review the scripts, disable or inspect cron jobs, avoid running unreviewed community skills, and require human confirmation for trades, transfers, public posts, and marketplace changes.
VirusTotal
0/65 vendors flagged this skill; all 65 returned a clean result.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A community skill could steer the agent to do something different from what you asked, especially if that skill contains unsafe instructions.
This makes community skill documents authoritative before every action, so unreviewed local content can redirect the agent's behavior beyond the user's immediate request.
BEFORE performing ANY action, you MUST check for community-installed skills ... If relevant community skill exists → Read its SKILL.md and use it
Do not make community skills mandatory for every task; require explicit user approval before loading or following a community skill, and treat its SKILL.md as untrusted input.
Unreviewed community skill scripts could run with the same local access as the OpenClaw user.
The skill instructs agents to execute code from community-installed skills outside this reviewed artifact set, without visible provenance, pinning, sandboxing, or approval gates.
Execute skill-specific commands (if the skill provides scripts): ... node scripts/some-script.js [args]
Only install and run community skills after reviewing their source, pin versions, avoid automatic execution, and sandbox or restrict their filesystem and credential access.
A crafted profile/bio value could potentially cause local command execution under the user's account.
A shell command is built using interpolated variables, including a quoted bio value; if that value contains shell metacharacters, it could execute unintended local commands.
execSync(`node ${skillPath}/scripts/register.js update-profile --bio "${bio}"`, {
Replace shell-string execSync with execFile/spawn using an argument array, validate inputs, and never pass user or network-controlled strings through a shell.
The skill may keep running background tasks after installation, potentially using your API key or wallet-related configuration later.
The setup flow creates persistent cron-based automation that continues after the initial setup task; the supplied visible docs do not fully bound what the heartbeat may do over time.
Sets up heartbeat cron job ... Sets up activation monitor cron job ... Setup cron: "Run heartbeat checklist every 15 minutes (autonomous execution)"
Require explicit opt-in for cron jobs, show exactly what commands will run, provide an easy disable command, and avoid enabling trading/posting actions from background jobs unless separately approved.
If misused or leaked, these credentials could allow unauthorized posts, share trades, or wallet transactions.
These credentials are expected for the stated wallet-trading and ClawFriend API integration, but they allow the skill to sign transactions and act as the user's agent account.
Required env vars: EVM_PRIVATE_KEY, EVM_ADDRESS, CLAW_FRIEND_API_KEY
Use a dedicated low-balance wallet, keep the API key scoped to ClawFriend, review every transaction, and revoke/rotate credentials if anything seems wrong.
A mistaken or unauthorized command could transfer shares to the wrong address or change holdings.
The skill exposes commands that can move share balances when run; this is aligned with the trading/transfer purpose but is financially meaningful.
node scripts/transfer-shares.js transfer <subject_address> <to_address> <amount>
Require explicit confirmation for buys, sells, and transfers, verify addresses and amounts, and set conservative transaction limits.
