crypto-treasury-ops
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill appears purpose-built for crypto treasury operations, but it asks for raw wallet private keys and can move or trade funds, while the registry metadata under-declares those credentials and the npm supply chain is not locked down.
Install only if you intentionally want an agent to operate a limited treasury wallet. Use a dedicated hot wallet or delegated signer, keep dry-run and approval workflows manual, configure strict allowlists and limits, secure local logs, and pin/audit dependencies before providing any private keys.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured, an agent can use the treasury private keys to sign transactions that move crypto assets or place trades; mistakes or misuse can cause irreversible loss.
The skill requires raw EVM and Solana signing keys for execution, but the registry metadata says there are no required env vars and no primary credential.
Required variables: TREASURY_PRIVATE_KEY=0x... SOLANA_TREASURY_PRIVATE_KEY=... ZEROX_API_KEY=...; Do not pass private keys in tool input JSON; this skill reads them from the environment only
Use only a dedicated limited hot wallet or delegated signer, set strict allowlists and low limits, and update the credential metadata so users see the required authority before install.
A bad quote, wrong route, or over-permissive approval could result in funds being sent or approved on-chain.
Bridge execution signs and broadcasts transaction data returned by an external quote provider. This is expected for bridge tooling, but it is a high-impact trust boundary.
const sourceTxHash = await this.walletService.sendTransaction(... { to: txRequest.to, data: txRequest.data, value: txRequest.value ? BigInt(txRequest.value) : 0n, ... })
Always run quote_operation or dryRun immediately before execution, verify recipient/route/provider details, and require real human confirmation for any state-changing call.
A future dependency update pulled during npm install could change wallet, signing, or transaction behavior without being reflected in the reviewed artifacts.
The npm dependencies are version ranges, and the provided manifest does not include a lockfile. For a private-key signing skill, dependency drift is a material supply-chain concern.
"@mayanfinance/swap-sdk": "^13.2.0", "@nktkas/hyperliquid": "^0.32.1", "@solana/web3.js": "^1.98.4", "viem": "^2.23.5"
Pin dependencies, ship a lockfile, audit dependency updates, and install only from a verified source before providing wallet credentials.
External APIs may learn wallet addresses, intended routes, and transaction sizes.
The bridge provider receives wallet addresses, token amounts, and route data. This is purpose-aligned, but it shares treasury activity metadata with external providers.
endpoint.searchParams.set("fromAddress", request.fromAddress);
endpoint.searchParams.set("toAddress", request.toAddress);
endpoint.searchParams.set("fromAmount", request.amount.toString());
const response = await fetch(endpoint, ...)
Use trusted provider endpoints, review privacy implications, and consider custom RPC/provider configuration for sensitive treasury operations.
Local logs may reveal wallet activity, addresses, amounts, or operational patterns to anyone with filesystem access.
The skill persists an action log locally. There is no evidence it logs private keys or exfiltrates data, but treasury action history can still be sensitive.
JSONL audit logging for every action in `.runtime/treasury-ops.log`
Protect the runtime log path, rotate or delete logs when appropriate, and avoid storing secrets in tool inputs.
