circle-wallet

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent Circle USDC wallet skill, but it gives an agent the power to send real funds using stored Circle credentials without documented approval limits or confirmation safeguards.

Only install this if you are comfortable giving an OpenClaw agent access to a Circle developer-controlled wallet. Keep it in sandbox/testnet unless you have strong approval controls, protect the local credential files, and require manual confirmation before any USDC send operation.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked incorrectly or by a prompt-influenced agent, the skill could move USDC to an unintended address, including on production/mainnet wallets.

Why it was flagged

The source directly creates Circle wallet transactions that transfer USDC, and the provided artifacts do not document a separate confirmation step, allowlist, amount limit, or production safeguard before this high-impact action.

Skill content

const response = await this.client.createTransaction({
  walletId: params.fromWalletId,
  tokenId,
  destinationAddress: params.toAddress,
  amount: [params.amount],
  fee: { type: 'level', config: { feeLevel: 'MEDIUM' } }
});

Recommendation

Require explicit user confirmation immediately before every send, show a transaction preview with amount, chain, from-wallet, and destination, and consider amount limits, address allowlists, and a separate production opt-in.

What this means

Anyone or any process that can read this config file may gain access to sensitive Circle wallet credentials.

Why it was flagged

The API key and entity secret are saved as a JSON config file in the skill's local directory. This is expected for a wallet CLI, but those credentials can authorize wallet operations and should be protected.

Skill content

const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
...
fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2));

Recommendation

Store the config directory with restrictive permissions, avoid sharing ~/.openclaw/circle-wallet/, and prefer OS keychain or encrypted secret storage for production funds.

What this means

Installing the package runs the package's build command on the local machine.

Why it was flagged

The documented npm install flow will execute a postinstall build script. This is consistent with a TypeScript CLI package, but it means install runs local build commands.

Skill content

"scripts": {
  "build": "tsc && chmod +x dist/cli.js",
  "postinstall": "npm run build"

Recommendation

Review the package source before installing, use the included lockfile or a reproducible install process, and install only from a trusted copy.