FluxA-agent-wallet
Audited by ClawScan on May 10, 2026 (rating: Warn).
Overview
This wallet skill is purpose-aligned, but it is rated Review because it can grant an agent persistent, autonomous spending authority, run recurring wallet checks, and execute an unpinned wallet CLI.
Install it only if you trust FluxA and are comfortable giving an agent wallet-payment capabilities. Pin and verify the CLI, avoid broad or long-lived mandates, disable the scheduled checks unless you want ongoing wallet monitoring, and require explicit approval for payouts, purchases, posts, follows, and reward claims.
Findings (5)
This is an artifact-based, informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes, so each finding below rests on the quoted SKILL.md text rather than on observed behaviour.
Finding 1: A signed mandate removes per-payout approval for irreversible transfers
Impact: If the user approves a broad or long-lived mandate, the agent can spend funds within that budget without asking again, and completed on-chain transfers cannot be undone.
Description: The skill can authorize irreversible transfers to arbitrary wallet addresses, and a pre-signed mandate bypasses the per-payout approval step.
Evidence (SKILL.md): "Payout lets the agent send USDC to any wallet address... a pre-signed intent mandate (`--mandate`) to skip the approval URL... No rollback: Once succeeded onchain, payouts cannot be reversed."
Recommendation: Only approve small, specific, short-lived mandates; avoid mandate-based payouts unless you fully understand the recipient, amount, and time window.
Finding 2: Scheduled wallet checks continue after setup
Impact: The agent may keep reading wallet data on a schedule after initial setup, which can surprise users who expected only on-demand use.
Description: The skill instructs persistent background activity that repeatedly accesses wallet-related information.
Evidence (SKILL.md): "Start a scheduled task using an isolated session, running every day at 10 AM and 6 PM... Use FluxA Agent Wallet to run a daily wallet check."
Recommendation: Make the scheduled task optional and disclose exactly what it reads, stores, and reports; users who do not want ongoing wallet monitoring should disable it.
Finding 3: Scheduled tasks execute an unpinned CLI
Impact: A changed or compromised future CLI release would run during the scheduled wallet checks without the user noticing.
Description: The scheduled task runs an unpinned '@latest' npm package with `npx -y` (install without prompting) in a high-impact wallet context, so whatever version the registry serves next executes automatically on the next run.
Evidence (SKILL.md): `npx -y @fluxa-pay/fluxa-wallet@latest status` ... `npx -y @fluxa-pay/fluxa-wallet@latest received-records --limit 50`
Recommendation: Pin the CLI to an exact version for scheduled tasks, verify the package source, and never auto-execute '@latest' for wallet operations.
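One way to catch the pattern in Finding 3 before a task is scheduled is to lint the commands a skill asks the agent to run. The following is an added example, not ClawScan's or FluxA's code; it treats commands as the plain strings quoted from SKILL.md, and the version `1.2.3` used in the sample is a placeholder, not a real release of the package. It flags tags (`latest`), ranges (`^2.0.0`) and missing versions as unpinned, notes when `-y` would auto-install whatever resolves, and rewrites a spec to a reviewer-chosen exact version.

```javascript
// Added example, not ClawScan's or FluxA's code: lint the commands a skill
// schedules so that an unpinned or tag-pinned npm package is caught before it
// runs unattended. Commands are treated as plain strings as quoted in SKILL.md.

// Constructed sample: the two scheduled commands from the finding plus three
// variants. The version 1.2.3 is a placeholder, not a real release.
const SAMPLE_COMMANDS = [
  "npx -y @fluxa-pay/fluxa-wallet@latest status",
  "npx -y @fluxa-pay/fluxa-wallet@latest received-records --limit 50",
  "npx -y @fluxa-pay/fluxa-wallet@1.2.3 status",
  "npx @fluxa-pay/fluxa-wallet status",
  "npx -y some-tool@^2.0.0 run",
];

// Exact semver (optionally with a prerelease suffix). Tags ("latest", "next")
// and ranges ("^2.0.0", ">=1") do not match, so they count as unpinned.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;

// Split "name@version" into its parts; scoped names start with "@", so the
// separator is the first "@" after position 0.
function splitSpec(spec) {
  const at = spec.indexOf("@", spec.startsWith("@") ? 1 : 0);
  return at === -1
    ? { name: spec, version: null }
    : { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

// Locate the package spec in an npx command: the first non-flag token, or the
// argument of -p/--package when that form is used.
function parseNpxSpec(command) {
  const tokens = command.trim().split(/\s+/);
  if (tokens[0] !== "npx") return null;
  let spec = null;
  for (let i = 1; i < tokens.length; i++) {
    const t = tokens[i];
    if (t === "-p" || t === "--package") { spec = tokens[i + 1] ?? null; break; }
    if (t.startsWith("-")) continue;
    spec = t;
    break;
  }
  if (spec === null) return null;
  const { name, version } = splitSpec(spec);
  return {
    command,
    name,
    version,
    pinned: version !== null && EXACT_SEMVER.test(version),
    autoInstall: tokens.includes("-y") || tokens.includes("--yes"),
  };
}

// Findings for one scheduled command. An empty list means the package is
// pinned to an exact version.
function lintScheduledCommand(command) {
  const info = parseNpxSpec(command);
  if (info === null) return ["not an npx invocation or no package spec found"];
  const findings = [];
  if (info.version === null) {
    findings.push(`${info.name}: no version, resolves to the registry's latest tag`);
  } else if (!info.pinned) {
    findings.push(`${info.name}: version "${info.version}" is a tag or range, not an exact pin`);
  }
  if (findings.length > 0 && info.autoInstall) {
    findings.push("-y auto-installs whatever version resolves, without a prompt");
  }
  return findings;
}

// Rewrite the spec in a command to an exact version chosen by the reviewer.
function pinCommand(command, version) {
  const info = parseNpxSpec(command);
  if (info === null || !EXACT_SEMVER.test(version)) throw new Error("cannot pin");
  const spec = info.version === null ? info.name : `${info.name}@${info.version}`;
  return command.replace(spec, `${info.name}@${version}`);
}

for (const c of SAMPLE_COMMANDS) {
  console.log(c, "->", lintScheduledCommand(c));
}
```

Pinning alone fixes only the "which version" question; to know you got the bytes you reviewed, record the tarball's integrity hash for the chosen version (for example with `npm view @fluxa-pay/fluxa-wallet@<version> dist.integrity`) and compare it against what the scheduled environment actually installs.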
Finding 4: Persisted mandate state is reused across conversations
Impact: Persistent mandate state could cause the agent to reuse prior spending authority in later tasks; if the file is stale or tampered with, the agent may make poor authorization decisions.
Description: The agent is instructed to store and reuse signed spending mandates across conversations, so local state on disk decides whether future payments need approval.
Evidence (SKILL.md): "The agent MUST persist mandate state to `~/.fluxa-ai-wallet-mcp/mandates.json`... If confirmed → reuse it."
Recommendation: Review and periodically clear saved mandates, keep mandates narrowly scoped, and require user confirmation before reusing an old mandate for a new task.
Finding 5: Social actions and reward claims lack a per-action confirmation step
Impact: The agent could post, follow accounts, or claim rewards on the user's behalf without a clear confirmation step for each action.
Description: The ClawPI flow instructs public social-account actions and reward claiming in a way that reports to the user after the fact rather than asking for approval first.
Evidence (SKILL.md): "Post your first post... Discover people you might know and follow them. Tell the user how many potential connections you followed... If anyone you followed has posted a red-packet, claim it."
Recommendation: Require explicit user approval before posting, following accounts, claiming rewards, or transferring funds in social features.
