Walletconnect Agent
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is openly designed to use a crypto private key and automatically approve Web3 actions, so it needs careful review before use.
Treat this as a high-risk crypto automation tool. Do not use a main wallet or large balances. If you test it, use a fresh wallet with limited funds, run in interactive mode, verify the dApp and transaction details, pin dependencies, and understand that blockchain transactions are usually irreversible.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A connected or compromised dApp could cause the agent to sign messages or submit transactions that move funds, approve tokens, mint assets, or otherwise mutate blockchain state before you inspect them.
The default workflow approves signing requests automatically, including transaction-capable WalletConnect methods, which can cause irreversible wallet actions without per-transaction review.
### Auto-Approve Mode (Default) ... All signing requests are automatically approved. Use only with trusted dApps!
Use interactive approval by default, add allowlists and spending limits, and only use a dedicated low-balance wallet with trusted dApps.
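The gate below is an added example, not code from the audited skill or from WalletConnect: it shows what "interactive approval plus allowlists and spending limits" looks like as a request policy. The dApp origin, the cap values, the event shape (assumed to mirror a WalletConnect v2 session_request with its verifyContext) and the helper names are all constructed assumptions for this illustration.

```javascript
// Added example, not the skill's code: a policy gate for WalletConnect
// session_request events. Denies non-allowlisted dApps/methods, denies
// transactions over a per-tx or per-session cap, prompts for the rest.
const POLICY = {
  allowedOrigins: new Set(['https://app.example-dapp.test']), // constructed
  allowedMethods: new Set(['personal_sign', 'eth_sendTransaction']),
  maxWeiPerTx: 10n ** 16n,           // 0.01 ETH
  maxWeiPerSession: 5n * 10n ** 16n, // 0.05 ETH
};

// Wei already confirmed by the user, keyed by WalletConnect session topic.
const spentBySession = new Map();

// Event shape assumed: { topic, params: { request: { method, params } },
//   verifyContext: { verified: { origin } } }
// Returns { decision: 'deny' | 'approve' | 'prompt', reason, valueWei }.
function evaluateRequest(event, policy = POLICY, spent = spentBySession) {
  const origin = event.verifyContext?.verified?.origin ?? '';
  const { method, params } = event.params.request;
  if (!policy.allowedOrigins.has(origin)) {
    return { decision: 'deny', reason: `origin not allowlisted: ${origin || '(none)'}`, valueWei: 0n };
  }
  if (!policy.allowedMethods.has(method)) {
    return { decision: 'deny', reason: `method not allowlisted: ${method}`, valueWei: 0n };
  }
  if (method !== 'eth_sendTransaction') {
    // Allowlisted message signing from an allowlisted dApp; no tx is submitted.
    return { decision: 'approve', reason: 'allowlisted signing method', valueWei: 0n };
  }
  // eth_sendTransaction carries one tx object whose value is a hex wei string.
  const tx = params?.[0] ?? {};
  const valueWei = tx.value ? BigInt(tx.value) : 0n;
  if (valueWei > policy.maxWeiPerTx) {
    return { decision: 'deny', reason: 'value exceeds per-transaction cap', valueWei };
  }
  if ((spent.get(event.topic) ?? 0n) + valueWei > policy.maxWeiPerSession) {
    return { decision: 'deny', reason: 'value exceeds per-session cap', valueWei };
  }
  // Never auto-approve a state-changing transaction: show it to the user.
  return { decision: 'prompt', reason: 'confirm transaction interactively', valueWei };
}

// Call after the user confirms a prompted transaction so the session cap applies.
function recordSpend(topic, valueWei, spent = spentBySession) {
  const total = (spent.get(topic) ?? 0n) + valueWei;
  spent.set(topic, total);
  return total;
}
```

A 'prompt' result is where the skill's interactive mode belongs: render the decoded transaction to the user and call recordSpend only after they confirm.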
If the private key belongs to a funded or important wallet, this skill can authorize transactions with the same authority as the wallet owner.
The skill requires a raw wallet private key, which grants full signing authority for that wallet; registry metadata nevertheless declares no required env vars or primary credential.
Environment Variables (REQUIRED): * PRIVATE_KEY Wallet private key
Declare the credential requirement clearly, avoid main wallets, use a fresh limited-funds wallet, and prefer scoped signing or hardware-wallet approval where possible.
A future dependency resolution could install different code than the reviewer or user expected.
The exact package versions are not pinned, and no lockfile or install spec is provided. This is common npm practice, but it matters more for software that signs cryptocurrency transactions.
"dependencies": {
  "@walletconnect/core": "^2.0.0",
  "@walletconnect/web3wallet": "^1.0.0",
  "ethers": "^6.0.0"
}
Pin dependency versions, provide a lockfile, and install from a clean, trusted environment.
If a page loaded by the browser automation is malicious or the browser itself is compromised, the local machine has less browser-level isolation than usual because the Chromium sandbox is disabled.
The Basename helper launches browser automation with Chromium sandbox protections disabled. Browser automation is purpose-aligned, but disabling the sandbox increases exposure while loading live web content.
const browser = await puppeteer.launch({
  headless: false,
  args: ['--no-sandbox', '--disable-setuid-sandbox'],
});
Run this only in a disposable or sandboxed environment, and avoid using the browser automation helper on untrusted sites.
