Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Walletconnect Agent

v1.6.0

🔗 WalletConnect Agent - dApp Access for AI. Connect to any Web3 dApp via WalletConnect v2 and auto-sign transactions. Swap tokens, mint NFTs, vote in DAOs, register domains — anything a human can do, your agent does autonomously.

โญ 1ยท 2.3kยท3 currentยท3 all-time
byJu Chun Ko@daaab
MIT-0
Download zip
LicenseMIT-0 ยท Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
!
Purpose & Capability
The skill legitimately needs a private key to auto-sign transactions and the scripts (wc-connect.js, register-basename.js) expect PRIVATE_KEY in the environment. However the registry metadata incorrectly states no required env vars and primary credential none — this mismatch is an incoherence that could mislead users. The code also embeds a default WalletConnect project ID and agent metadata (clawd.bot), which is consistent with operation but should be noticed.
!
Instruction Scope
SKILL.md and the scripts instruct the agent to perform fully autonomous signing (auto-approve mode) and to automate a browser (register-basename.js uses puppeteer). The register script reads the clipboard and page content to extract WalletConnect URIs, launches a visible browser, manipulates the dApp UI, and approves/signs operations — all of which are within the described purpose but expand the agent's access surface (clipboard and arbitrary page content). The instructions also write audit logs to the user's home directory. The combination of autonomous auto-signing and browser automation increases risk if used with a main wallet or untrusted dApps.
!
Install Mechanism
There is no install spec (instruction-only), which reduces installer-level risk, but package.json is included for dependencies. Notably, the register-basename.js uses puppeteer, yet package.json does not list puppeteer as a dependency — a clear inconsistency that will cause runtime failures or require manual installation of additional packages. Dependencies that are listed (@walletconnect/* and ethers) are expected and from normal npm registries; there are no external download URLs or obfuscated installers.
ℹ
Credentials
Requesting a PRIVATE_KEY env var is proportionate to the stated capability (auto-signing transactions). Optional env vars (WC_PROJECT_ID, CHAIN_ID, RPC_URL) are reasonable. The problem is the registry metadata omits declaring these required env vars (so declared requirements don't match actual needs). The scripts write masked audit logs to ~/.walletconnect-agent and ~/.basename-agent — this is expected but you should be aware files are created in your home directory.
✓
Persistence & Privilege
The skill does not request 'always:true' and is user-invocable. It persists only by creating audit log directories under the user's HOME and does not modify other skills or system-wide agent settings. Autonomous invocation (disable-model-invocation:false) is normal for skills but combined with auto-approve behavior increases blast radius — keep that in mind.
What to consider before installing
This skill will auto-sign blockchain transactions and therefore requires your wallet private key (set via the PRIVATE_KEY environment variable). Before installing or running it:
1) Do not use your main wallet — create a dedicated wallet with minimal funds.
2) Inspect the included scripts yourself: they launch a browser (puppeteer), read the clipboard/page content, and will auto-approve transactions unless you pass --interactive.
3) Note two inconsistencies: the registry metadata does not declare the required PRIVATE_KEY env var, and package.json omits puppeteer even though register-basename.js requires it — you'll need to install puppeteer manually or the script will fail.
4) Prefer running in interactive mode (use --interactive) and test with dry-run and tiny amounts first.
5) If you don't trust the author or can't audit the code, do not supply any real private key; instead run in an isolated environment or container and use a throwaway wallet.
Additional info that would raise confidence to 'high': confirmation from the publisher about the missing dependency and an updated registry manifest that declares required env vars, or a signed release from a known source.

Like a lobster shell, security has layers — review code before you run it.

latest · vk970cd66npe9p8ccrkyn0f2f7580saq4
