Agent Wallet CLI
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: agent-wallet-cli Version: 1.4.0 The skill is classified as suspicious due to its inherently high-risk capabilities, which involve managing cryptocurrency wallets, sending funds, signing transactions, and handling sensitive information like private keys and session tokens. While the `SKILL.md` documentation is transparent about these risks, provides security advice, and explicitly disclaims telemetry or unauthorized network calls, the power of the `agent-wallet-cli` tool makes it a significant target for misuse through prompt injection against the AI agent or supply chain attacks via the `npm` package. There is no clear evidence of intentional malicious behavior within the provided files, but the potential for severe financial impact if misused warrants a 'suspicious' classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the password or a valid session token is available to the agent, a mistaken instruction, prompt injection, or compromised workflow could result in real crypto transfers; with the password, mnemonic export is also possible.
The artifact clearly states that password access enables wallet export and that session tokens can sign transactions. That is expected for a wallet skill, but it gives an agent authority over private keys and spendable funds.
If you give the agent your WALLET_PASSWORD, it can perform any password-level operation (init, import, unlock, and export)... Session tokens cannot export mnemonics or change passwords — they can only sign transactions and read balances.
Do not give the agent your wallet password or mnemonic. Unlock manually when possible, use short-lived tokens, keep only limited funds in the wallet, and require out-of-band human approval for any real transaction or export.
An agent could send funds or pay an x402 endpoint automatically if it has a valid token and is instructed or tricked into using these commands.
The documented workflows include non-interactive confirmation bypass and automatic payment behavior. For a crypto wallet, this can turn agent tool use into real spending without an interactive human confirmation step.
`--yes`: Skip confirmation prompt (required for non-TTY/agent use) ... The CLI detects 402 Payment Required responses, pays the requested amount in stablecoins, and retries.
Use `--dry-run` first, set strict `--max-amount` limits for x402, avoid `--yes` for real funds unless another approval gate exists, and only allow transfers to user-confirmed recipients and amounts.
You must trust the installed npm package and its future updates with sensitive wallet operations.
The skill relies on an external npm package that was not included in the artifact set for code review. This is normal for a CLI skill, but the package would handle wallet secrets and transaction signing.
npm install -g agent-wallet-cli ... Verify the npm package matches the repo: `npm info agent-wallet-cli`
Audit the package source, verify npm provenance and version, consider pinning a known-good version, and test only with small amounts before using real funds.