Agent Wallet CLI
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
Review before installing: this skill is openly a crypto-wallet controller, but giving it a password or session token can let an agent spend real funds or export a wallet.
Only install this if you are comfortable giving an agent limited, carefully controlled access to a crypto wallet. Use a dedicated low-balance wallet, avoid sharing the wallet password or mnemonic, prefer short-lived session tokens, require manual confirmation for every real transfer, and audit or pin the npm package before trusting it with funds.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the password or a valid session token is available to the agent, a mistaken instruction, prompt injection, or compromised workflow could result in real crypto transfers; with the password, mnemonic export is also possible.
The artifact clearly states that password access enables wallet export and that session tokens can sign transactions. That is expected for a wallet skill, but it gives an agent authority over private keys and spendable funds.
If you give the agent your WALLET_PASSWORD, it can perform any password-level operation (init, import, unlock, and export)... Session tokens cannot export mnemonics or change passwords — they can only sign transactions and read balances.
Do not give the agent your wallet password or mnemonic. Unlock manually when possible, use short-lived tokens, keep only limited funds in the wallet, and require out-of-band human approval for any real transaction or export.
An agent could send funds or pay an x402 endpoint automatically if it has a valid token and is instructed or tricked into using these commands.
The documented workflows include non-interactive confirmation bypass and automatic payment behavior. For a crypto wallet, this can turn agent tool use into real spending without an interactive human confirmation step.
`--yes`: Skip confirmation prompt (required for non-TTY/agent use) ... The CLI detects 402 Payment Required responses, pays the requested amount in stablecoins, and retries.
Use `--dry-run` first, set strict `--max-amount` limits for x402, avoid `--yes` for real funds unless another approval gate exists, and only allow transfers to user-confirmed recipients and amounts.
You must trust the installed npm package and its future updates with sensitive wallet operations.
The skill relies on an external npm package that was not included in the artifact set for code review. This is normal for a CLI skill, but the package would handle wallet secrets and transaction signing.
npm install -g agent-wallet-cli ... Verify the npm package matches the repo: `npm info agent-wallet-cli`
Audit the package source, verify npm provenance and version, consider pinning a known-good version, and test only with small amounts before using real funds.