Walletconnect Agent
Status: Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: walletconnect-agent
Version: 1.6.0

This skill bundle is classified as suspicious due to its inherent high-risk capabilities, specifically the autonomous signing of cryptocurrency transactions and browser automation (Puppeteer). While this functionality matches the stated purpose of connecting to dApps and auto-signing, these actions interact directly with real funds and sensitive operations. The bundle does, however, implement significant security measures: strict handling of private keys (environment variables only, with an explicit refusal of command-line arguments in `scripts/wc-connect.js` and `scripts/register-basename.js`), blocking of the dangerous `eth_sign` method by default, comprehensive audit logging to `~/.walletconnect-agent/audit.log` and `~/.basename-agent/audit.log` (with sensitive data masked), and an interactive mode for user confirmation. There is no evidence of intentional malicious behavior, data exfiltration, persistence, or prompt injection attempts against the AI agent in `SKILL.md` or the code.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Risk: A connected or compromised dApp could cause the agent to sign messages or submit transactions that move funds, approve tokens, mint assets, or otherwise mutate blockchain state before you inspect them.

Description: The default workflow approves signing requests automatically, including transaction-capable WalletConnect methods, which can cause irreversible wallet actions without per-transaction review.

Evidence:
### Auto-Approve Mode (Default) ... All signing requests are automatically approved. Use only with trusted dApps!

Recommendation: Use interactive approval by default, add allowlists and spending limits, and use only a dedicated low-balance wallet with trusted dApps.
Risk: If the private key belongs to a funded or important wallet, this skill can authorize transactions with the same authority as the wallet owner.

Description: The skill requires a raw wallet private key, which grants full signing authority for that wallet; the registry metadata nevertheless declares no required environment variables or primary credential.

Evidence:
Environment Variables (REQUIRED):
* PRIVATE_KEY  Wallet private key

Recommendation: Declare the credential requirement clearly, avoid main wallets, use a fresh limited-funds wallet, and prefer scoped signing or hardware-wallet approval where possible.
Risk: A future dependency resolution could install different code than the reviewer or user expected.

Description: The exact package versions are not pinned, and no lockfile or install spec is provided. This is common npm practice, but it matters more for software that signs cryptocurrency transactions.

Evidence:
```json
"dependencies": {
  "@walletconnect/core": "^2.0.0",
  "@walletconnect/web3wallet": "^1.0.0",
  "ethers": "^6.0.0"
}
```

Recommendation: Pin dependency versions, provide a lockfile, and install from a clean, trusted environment.
Risk: If the automated page or browser environment is compromised, the local machine has less browser-level isolation than usual.

Description: The Basename helper launches browser automation with Chromium sandbox protections disabled. Browser automation is purpose-aligned, but disabling the sandbox increases exposure while loading live web content.

Evidence:
```javascript
const browser = await puppeteer.launch({
  headless: false,
  // both flags turn off Chromium's process sandbox
  args: ['--no-sandbox', '--disable-setuid-sandbox'],
});
```

Recommendation: Run this only in a disposable or sandboxed environment, and avoid using the browser automation helper on untrusted sites.
