Warden Messari Agent
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: warden-messari-agent
Version: 1.0.0
The skill bundle is classified as suspicious due to the presence of high-risk capabilities, specifically the explicit instructions for shell command execution (e.g., `curl`, `cast`) and the handling of real-money micropayments via the x402 protocol, which involves cryptographic signing for USDC transfers. While these actions are presented as part of the skill's stated purpose (interacting with a crypto research agent), they introduce significant vulnerabilities if the OpenClaw agent's execution environment or input sanitization is not robust. The `SKILL.md` file details these operations, including external network calls to `https://messari.agents.wardenprotocol.org`, `https://mainnet.base.org`, and payment facilitators like `https://facilitator.payai.network`.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may cause a USDC payment for each query if the user or agent signs the x402 payment payload.
The skill describes signing a payment authorization that can spend USDC for each request. This is purpose-aligned and disclosed, but it uses real wallet/payment authority.
Payment: x402 USDC micropayments ($0.25 per request on Base mainnet) ... Create a signed EIP-3009 authorization (gasless; the facilitator submits the on-chain transfer)
Verify the amount, network, recipient, and payment header before signing; consider using a dedicated wallet or spending limits.
Questions sent through this skill may be visible to the external Messari/Warden service.
The skill routes user questions to an external A2A agent endpoint. This is the core purpose, but user-provided query text leaves the local environment.
Base URL: `https://messari.agents.wardenprotocol.org` ... All queries use the A2A JSON-RPC 2.0 protocol on `POST /`.
Do not send secrets, private wallet information, or confidential business data in research prompts; verify the endpoint before use.
Users have less registry-provided information to confirm the publisher and official endpoint before making payments.
The registry metadata does not provide a source repository or homepage, which limits independent provenance checks for a skill that instructs users to interact with a paid external crypto service.
Source: unknown; Homepage: none
Independently verify the Warden/Messari endpoint and any on-chain registration information before signing payments.
