Skill
WarnAudited by ClawScan on May 10, 2026.
Overview
This wallet-security skill is mostly transparent, but its documents conflict on whether the agent signer can move funds without Guardian co-signing.
Review this skill carefully before installing. It is not clearly malicious, but because it handles crypto wallet signing and the docs disagree about whether the agent can sign transactions alone, only use a dedicated limited signer, strict spending limits, and verified Guardian/co-signing settings.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may trust the signer credential as unable to transact alone, while some lower-tier transactions may not require Guardian co-signing depending on the actual policy and contract behavior.
The skill makes a strong safety claim that every transaction needs Guardian co-signing, while an included API reference describes a tier where the agent signs alone.
SKILL.md: "Every transaction requires both the agent's signature AND the Guardian's co-signature... The agent signer alone cannot execute any transaction." / references/api-reference.md: "LOW (below `guardianThreshold`): Agent signs alone"
Do not rely on the blanket dual-signature claim until the co-signing tiers are clarified. Configure thresholds, whitelists, and spending limits so all transactions require the level of review you expect.
If the signer or API key is misused, an agent may be able to authorize transactions from the Sigil account within configured policy limits, and the exact boundary is not consistently documented.
The required signer is a credential that authorizes wallet operations, and the documented low-tier mode makes its effective authority unclear.
package.json: "SIGIL_AGENT_SIGNER" is required for "UserOp signatures"; references/api-reference.md: "LOW (below `guardianThreshold`): Agent signs alone"
Use only a dedicated agent signer, never an owner wallet key, store it in a secrets manager, rotate it regularly, and verify the actual Sigil policy thresholds before giving the skill access.
Using this skill can cause real blockchain transactions and asset movement from the Sigil smart account.
The skill documents an API endpoint that can submit transactions on-chain. This is expected for an agent-wallet skill, but it is financially high-impact.
Execute (Evaluate + Co-sign + Submit On-Chain) ... POST https://api.sigil.codes/v1/execute
Start with small limits, strict target/function whitelists, and dry-run evaluation before allowing execute calls.
Transaction history and wallet activity may be processed by the Sigil service as part of risk scoring and auditing.
The service uses transaction history and audit context for AI risk scoring, which is purpose-aligned but involves sensitive wallet activity data.
AI analyzes the transaction in context of recent history ... GET `/audit?account=0x...` | Transaction evaluation history
Review Sigil's data retention and privacy practices before using the service for sensitive wallets.