ClawHub

Openclast Wallet

v1.0.0

Guides the agent in Openclast/Openclaw wallet usage, approvals, and safety rules. Use when users ask about wallet setup, balances, transactions, approvals, or key export.

0· 1.2k·5 current·5 all-time
by@fabriziogianni7
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the SKILL.md: it guides wallet setup, balances, transactions, approvals, and key export. The instructions reference wallet CLI commands, config files, approval flows, chain IDs, and block explorers—all reasonable for a wallet helper.
Instruction Scope
The SKILL.md stays within wallet-related operations (setup, read balances, prepare/send txs, require approvals, key export warnings). It references host tooling (wallet_send, wallet_balance, etc.) and recommends creating wallet-config.json in the project root. Note: it suggests use of well-known public RPCs and example env gates (see environment note). It does not instruct reading unrelated system files or exfiltrating data, but it does instruct the agent to create a local config file which may contain sensitive data if misused.
Install Mechanism
Instruction-only skill with no install spec and no bundled code—lowest-risk install footprint. No downloads or package installs are requested.
Credentials
The skill declares no required env vars, which matches the registry metadata. However the SKILL.md references an example environment gate (MOLTBOT_ALLOW_WALLET_EXPORT=1) that is not listed in requires.env. This is an illustrative suggestion rather than a required credential, but users should be aware the instructions reference environment gates and OS keychain usage even though none are formally required.
Persistence & Privilege
The skill is not always-on and does not request elevated or persistent platform privileges. It may direct creation of wallet-config.json and expects the host to provide wallet CLI/tools; creating local config files is expected for a wallet skill but can store sensitive data if committed to source control—users should manage that carefully.
Assessment
This skill appears coherent for guiding wallet operations, but review these points before installing: - It is instruction-only and has no declared credentials, yet the guide references an example env gate (MOLTBOT_ALLOW_WALLET_EXPORT). That env var is not required by the registry metadata—treat it as a recommended safety measure, not as an installed requirement. - The guide instructs creating wallet-config.json in the project root. Ensure you do not commit that file (it may contain sensitive settings or keys). Prefer using OS keychain / secrets manager and .gitignore for config files. - Key export is explicitly dangerous; follow the guide's confirmation and environment-gate advice. If your host cannot securely export keys, avoid exporting and use safer alternatives. - The skill expects host-provided wallet tools (wallet_send, wallet_balance, etc.) or a wallet CLI; only use this skill if those host tools are trusted and available. - Although always:false, the platform allows autonomous invocation by default—if you are concerned about an agent making transactions automatically, review agent permissions and the wallet config (notify vs auto mode) before enabling. If you need tighter guarantees, ask the skill author to declare any env gates in metadata, and document exactly where local files are written and what they contain.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ae23yckqwdqg1m34ancmvnh80jwam

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments