ClawHub

BNB Chain

Basic BNB Chain operations — check balances, send BNB, send BEP-20 tokens.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 1.4k · 0 current installs · 0 all-time installs
by@CLAWZAI
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description (check/send BNB and BEP-20 tokens) aligns with the included bnb.js and instructions, but registry metadata does not declare the required Node binary or the BNB_PRIVATE_KEY env var that the SKILL.md explicitly requires — an inconsistency in declared requirements.
!
Instruction Scope
SKILL.md instructs running bnb.js to read a private key from the BNB_PRIVATE_KEY environment variable or accept a private key on the CLI and to npm install ethers in the local skill workspace. Reading a private key is expected for this purpose, but passing keys on the CLI (shell history exposure) and performing ad-hoc installs at runtime expand the operational scope and risk.
Install Mechanism
There is no formal install spec in the registry, but SKILL.md tells the user to run npm install ethers in the skill workspace. That implicit install (network fetch of a package) is normal for a Node helper but should be declared; package.json and package-lock.json are present but the registry did not publish an install step.
!
Credentials
The skill requires a private key (BNB_PRIVATE_KEY) to function but the registry metadata lists no required environment variables or primary credential. Asking for raw private keys (and allowing them on the CLI) is sensitive and the required secret should be explicitly declared and justified.
!
Persistence & Privilege
The skill is not marked always:true, but disable-model-invocation is not set, so the model could invoke this skill autonomously. Because it can use private keys to send transactions, allowing autonomous invocation without explicit user gating is risky.
What to consider before installing
This skill appears to do what it claims (send/check BNB and BEP-20 tokens), but several things need attention before installing: - Inspect bnb.js source to confirm it only interacts with expected RPCs and does not exfiltrate keys. - Prefer setting BNB_PRIVATE_KEY in a secure secret store rather than passing the key on the CLI (CLI args can be stored in shell history). - Ensure package.json/package-lock.json pin the ethers version you expect; run npm install in an isolated environment (or inspect the package-lock) before trusting network installs. - Consider disabling autonomous model invocation for this skill (or require explicit user invocation) because it can perform transactions with your keys. - If you lack confidence in the code, do not provide real private keys — test with a throwaway key and small amounts first. These inconsistencies (undeclared env var and implicit installs) make the skill suspicious rather than clearly benign.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0
Download zip
latestvk972mdfaxw9tc5586fbeeqy2tx809maa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🟡 Clawdis
Binsnode

SKILL.md

BNB Chain Skill

Basic operations on BNB Chain (BSC). Check balances and send transactions.

Setup

Requires Node.js and ethers.js:

cd ~/.openclaw/workspace/skills/bnb-chain && npm install ethers --silent

Configuration

Store your private key securely. The skill reads from environment variable:

export BNB_PRIVATE_KEY="0x..."

Or pass it directly to the helper script.

Usage

All operations use the helper script: bnb.js

Check BNB Balance

node bnb.js balance <address>

Example:

node bnb.js balance 0x9787436458A36a9CC72364BaC18ba78fdEf83997

Check BEP-20 Token Balance

node bnb.js token-balance <token_address> <wallet_address>

Example (USDT):

node bnb.js token-balance 0x55d398326f99059fF775485246999027B3197955 0x9787436458A36a9CC72364BaC18ba78fdEf83997

Send BNB

node bnb.js send <to_address> <amount_bnb> [--key <private_key>]

Example:

node bnb.js send 0xRecipient 0.01 --key 0xYourPrivateKey

Send BEP-20 Token

node bnb.js send-token <token_address> <to_address> <amount> [--key <private_key>]

Example (send 10 USDT):

node bnb.js send-token 0x55d398326f99059fF775485246999027B3197955 0xRecipient 10 --key 0xYourPrivateKey

Get Wallet Address from Private Key

node bnb.js address <private_key>

Get Transaction Details

node bnb.js tx <tx_hash>

Common Token Addresses (BSC Mainnet)

TokenAddress
USDT0x55d398326f99059fF775485246999027B3197955
USDC0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d
BUSD0xe9e7CEA3DedcA5984780Bafc599bD69ADd087D56
WBNB0xbb4CdB9CBd36B01bD1cBaEBF2De08d9173bc095c

RPC Endpoints

Default: https://bsc-dataseed.binance.org/

Alternatives:

  • https://bsc-dataseed1.binance.org/
  • https://bsc-dataseed2.binance.org/
  • https://bsc-dataseed3.binance.org/
  • https://bsc-dataseed4.binance.org/

Security Notes

  • Never commit private keys to git
  • Use environment variables or secure storage
  • Double-check recipient addresses before sending
  • Start with small test amounts

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…