circle-wallet
Warn. Audited by ClawScan on May 10, 2026.
Overview
This appears to be a coherent Circle USDC wallet skill, but it gives an agent direct money-transfer capability without a clearly documented confirmation or limiting safeguard.
Review before installing. This skill can manage Circle wallets and send USDC, including on production/mainnet if configured. Use sandbox first, protect the saved Circle credentials, and do not allow production transfers unless you have a reliable manual confirmation process for every recipient and amount.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken prompt, bad address, prompt injection in surrounding context, or agent misunderstanding could initiate a real USDC transfer.
The documentation presents a direct agent-invoked money-transfer workflow to any address, without documenting mandatory confirmation, recipient allowlisting, amount limits, or production safeguards.
- Send USDC to any address ...
  User: "Send 10 USDC to 0x123..."
  Agent: [circle-wallet send 0x123... 10] "Sent! TX: 0xabc..."
Require explicit per-transaction user confirmation with wallet, chain, recipient, and amount preview; default to sandbox; add production warnings, spending limits, and optional recipient allowlists.
Anyone who can read or misuse the saved credentials may be able to control the associated Circle developer-controlled wallets.
The CLI saves the Circle API key and entity secret for later wallet operations. This is purpose-aligned, but those credentials can authorize sensitive wallet actions.
saveConfig({
  apiKey,
  entitySecret,
  env,
  defaultChain: env === 'sandbox' ? 'ARC-TESTNET' : 'BASE'
});

Use sandbox first, protect ~/.openclaw/circle-wallet/, prefer least-privileged or dedicated Circle keys, rotate exposed credentials, and ensure the registry clearly declares the credential requirement.
Installation executes the package build process on the user's machine.
Running npm install will execute the package's postinstall build step. This is common for TypeScript CLIs, but users should know installation runs local code.
"scripts": {
  "build": "tsc && chmod +x dist/cli.js",
  "postinstall": "npm run build"
}

Review the package source and dependencies before running npm install, especially because this skill will later handle wallet credentials.
