ClawHub

AgentsBank

v1.0.6

Secure multi-chain crypto wallet management for AI agents with read-only access by default and explicit user consent required for transactions and wallet cre...

3· 1.7k·2 current·2 all-time
by@cryruz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md and included SDK implement a multi-chain crypto banking client (wallet creation, balances, transaction send, signing, agent registration) — which is coherent with the (implicit) purpose — but the registry metadata lists no required environment variables or primary credential while SKILL.md explicitly requires AGENTSBANK_API_URL, AGENTSBANK_AGENT_USERNAME, and AGENTSBANK_AGENT_PASSWORD (and optionally AGENTSBANK_API_KEY). That mismatch between claimed metadata and the runtime instructions is a notable inconsistency that could confuse users or hide required sensitive inputs.
Instruction Scope
The SKILL.md is fairly explicit and scoped: it instructs installing the npm SDK, creating a .env with credentials, initializing a client with process.env values, and using read-only calls by default. It also documents write operations (sendTransaction, createWallet, self-register). SKILL.md states write/financial operations are restricted and won't execute autonomously, but the skill registry metadata indicates model invocation is not disabled by default — a mismatch that could allow autonomous invocation unless the user or platform enforces 'disableModelInvocation'. The instructions do not request reading unrelated system files or secrets, but they do require sensitive credentials.
Install Mechanism
No installer is embedded in the skill bundle (instruction-only), but SKILL.md directs users to install an npm package (@agentsbankai/sdk). The package manifest and compiled sources are included in the bundle, and package.json/package-lock show a normal npm package with standard dev deps. There are no downloads from ad-hoc URLs or installers that extract arbitrary archives — installation via npm is standard and expected for an SDK.
!
Credentials
The SDK legitimately needs API credentials (API URL + username + password or API key) to authenticate to the remote banking service. Those credentials are sensitive (AGENTSBANK_AGENT_PASSWORD) and are requested by SKILL.md, but the skill registry metadata lists no required env vars — a problematic mismatch. The number and type of env vars requested are proportional to the described functionality, but the lack of declaration in metadata and the presence of credentials named PASSWORD/TOKEN/KEY should be highlighted as sensitive and verified before use.
Persistence & Privilege
The skill does not request permanent platform-wide privileges (always: false). It does contain functions that can perform financial writes (send, createWallet, register), and the SKILL.md asserts these are restricted and require explicit user invocation. However, the platform default 'disable-model-invocation' is false per the registry, which may allow autonomous invocation unless the user explicitly disables it. This combination (financial actions + potential autonomous invocation) increases operational risk if the user does not enforce explicit invocation controls.
What to consider before installing
What to check before installing/using this skill: - Verify source/ownership: SKILL.md and package.json point to agentsbank domains and a GitHub repo, but the skill's registry entry shows 'source: unknown' and no homepage. Confirm the npm package and GitHub repository are legitimate and match the publisher (visit https://www.npmjs.com/package/@agentsbankai/sdk and the repo) before supplying credentials. - Metadata mismatch: The skill registry metadata does not declare the env vars that SKILL.md requires (AGENTSBANK_API_URL, AGENTSBANK_AGENT_USERNAME, AGENTSBANK_AGENT_PASSWORD). Treat that as a red flag — ask the publisher or maintainer to reconcile registry metadata with runtime requirements. - Protect credentials: The SDK requires a password or API key. Never commit AGENTSBANK_AGENT_PASSWORD to source control; use a secret manager or environment injection. Prefer using a scoped API key with limited permissions if available. - Prevent autonomous fund movement: By default this registry lists model invocation enabled. If you do not want the agent to initiate financial writes, explicitly set disableModelInvocation (or equivalent) so the model cannot autonomously call send/createWallet/register. Test read-only flows first on testnets. - Audit and test: Because this SDK can create wallets and send funds, review the SDK code (already included) and confirm endpoints are what you expect (base URL defaults to https://api.agentsbank.online). Start with low-privilege/test credentials and test on testnets before connecting real funds. - Ask for clarifications: Request that the maintainer update registry metadata to list required env vars and the intended default for model invocation; ask for signed or verifiable releases if you will run this in production. Why I marked this 'suspicious': there are coherent, expected SDK behaviors, but the mismatches between SKILL.md and registry metadata (required env vars and invocation defaults) plus the potential for autonomous financial actions create ambiguity and operational risk. If the registry metadata is corrected and you enforce disableModelInvocation for financial operations, this would reduce my concerns.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cs1mxvjn02y1efj6hkj3n4x80xt6z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments