Basename Agent
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: basename-agent
Version: 2.1.0
The skill is designed to register on-chain identities and emails, which inherently involves high-risk operations like handling private keys and sending blockchain transactions. While this is a risky capability, the bundle implements significant security safeguards: both `scripts/register-basename.js` and `scripts/wc-connect.js` explicitly warn against and prevent passing private keys as command-line arguments, implement audit logging to `~/.basename-agent/audit.log` and `~/.walletconnect-agent/audit.log` respectively, and crucially, block the dangerous `eth_sign` method by default. There is no evidence of intentional malicious behavior such as data exfiltration, backdoors, or prompt injection attempts to subvert the agent's core directives. The risks are inherent to the functionality, not indicative of malice, thus classifying it as suspicious rather than malicious.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or mistaken WalletConnect URI could cause the agent to approve wallet actions before you personally review them.
The helper exposes transaction and signing methods and defaults to non-interactive auto-approval unless the user explicitly passes --interactive.
Allows AI agents to programmatically connect to dApps via WalletConnect and automatically sign transactions... interactive: false... methods: ['eth_sendTransaction', 'eth_signTransaction', 'personal_sign', 'eth_signTypedData', 'eth_signTypedData_v4']
Use only trusted WalletConnect URIs, run with --interactive, and keep only limited funds in a dedicated wallet.
If the agent or connected dApp behaves unexpectedly, the wallet tied to PRIVATE_KEY could sign messages or transactions with real financial consequences.
A raw wallet private key grants broad signing and spending authority; the artifacts do not enforce contract, amount, or dApp limits around that authority.
Environment Variables (REQUIRED): PRIVATE_KEY Wallet private key
Never use a primary wallet key; create a dedicated low-balance wallet and verify every transaction destination and value.
The agent may treat financial/onchain registration as something it should do without asking you first.
The wording encourages the agent to avoid human confirmation even though the workflow can spend ETH, donate funds, and sign wallet messages.
Your agent deserves a name and an email. Get both without bothering your human.
Require explicit user approval before any registration, donation, wallet signature, or transaction.
Installing dependencies may run with code that differs from what was reviewed here.
The package uses version ranges, so a future npm install could fetch dependency versions not represented in this review.
"dependencies": {
  "@walletconnect/core": "^2.0.0",
  "@walletconnect/web3wallet": "^1.0.0",
  "ethers": "^6.0.0",
  "puppeteer": "^21.0.0"
}
Use a lockfile or pinned dependency versions and install in an isolated environment.
