ClawWallet
Analysis
ClawWallet is purpose-aligned for a wallet skill, but it installs and runs remote wallet-signing software, so users should review it carefully before trusting it with assets.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
curl -fsSL "${CLAW_WALLET_BASE_URL}/skills/claw-wallet" -o claw-wallet ... BINARY_URL="${CLAW_WALLET_BASE_URL}/bin/${BINARY_NAME}" ... curl -L -o "$TMP_TARGET" "$BINARY_URL"
The installer downloads executable wrapper and sandbox binary components at install time from a remote host, with no checksum, signature, or pinned release verification shown in the artifacts.
curl -fsSL "${CLAW_WALLET_BASE_URL}/install.sh" | bash
The upgrade path executes a remotely fetched shell script directly. For a wallet-signing skill, this is a high-impact execution path even though upgrades are documented as requiring user confirmation.
Use this skill when the user wants to sign messages, sign transactions, or transfer assets ... Before executing any transaction, the agent **must** ask the user for confirmation
The skill explicitly supports high-impact wallet actions, while also documenting a confirmation requirement before transactions.
nohup setsid "$BIN" serve >> "$LOG_FILE" 2>&1 < /dev/null &
The wrapper starts the sandbox as a background process that can continue running after the immediate agent task completes.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
primary_credential: CLAY_AGENT_TOKEN ... local_secret_fields: ... identity.json ... agent_token
The skill declares and uses local bearer-token and identity files that authorize access to the wallet sandbox.
