X-Claw
Warn. Audited by ClawScan on May 10, 2026.
Overview
X-Claw is a coherent trading/wallet skill, but it can auto-modify the OpenClaw gateway and create permissive wallet-spend policy, so it needs careful review before use.
Treat this as a high-privilege wallet/trading integration. Test it with a separate wallet and small/testnet funds first, review ~/.xclaw-agent/policy.json before using real assets, consider disabling automatic gateway patching with XCLAW_OPENCLAW_AUTO_PATCH=0, and only provide API keys or wallet passphrases in a protected environment.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
After setup, swaps or other spend actions may be allowed automatically up to the configured cap, which could move or trade wallet assets without a fresh per-action confirmation.
The setup script creates a default local policy that permits spend-like actions without requiring approval, while the skill exposes wallet and trading commands.
"spend": { "approval_required": False, "approval_granted": True, "max_daily_native_wei": "1000000000000000000000" }
Before funding any wallet, inspect ~/.xclaw-agent/policy.json, require explicit approval for spend actions, and lower the cap to an amount you are comfortable risking; the default of 1000000000000000000000 wei is 1,000 units of the chain's native asset at 18 decimals.
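An added example (not X-Claw's or ClawScan's code) of the review the recommendation asks for: load the policy file, flag the three permissive settings quoted above, and write back a hardened copy. It assumes the file on disk is JSON with the quoted keys under a "spend" object (the evidence shows the setup script's Python literals, not the file itself) and uses a hypothetical comfort limit of 0.1 native units.

```python
"""Added example (not part of X-Claw or ClawScan): audit and harden the
spend section of ~/.xclaw-agent/policy.json. Assumption: the file is JSON
whose "spend" object carries the keys quoted in the finding."""
import json
from pathlib import Path

WEI_PER_NATIVE = 10**18  # 18-decimal native asset (ETH-style chains)

# Constructed sample mirroring the finding's quoted defaults, as JSON values.
SAMPLE_POLICY = {
    "spend": {
        "approval_required": False,
        "approval_granted": True,
        "max_daily_native_wei": "1000000000000000000000",
    }
}


def audit_spend_policy(policy: dict, max_ok_wei: int) -> list[str]:
    """Return one finding per permissive spend setting (empty list means clean)."""
    spend = policy.get("spend", {})
    findings = []
    if not spend.get("approval_required", False):
        findings.append("approval_required is false: spend actions need no per-action approval")
    if spend.get("approval_granted", False):
        findings.append("approval_granted is pre-set to true: a standing approval is already in place")
    cap = int(spend.get("max_daily_native_wei", "0"))  # wei values are big ints, keep them exact
    if cap > max_ok_wei:
        findings.append(
            f"max_daily_native_wei={cap} ({cap / WEI_PER_NATIVE:g} native units) exceeds "
            f"the allowed {max_ok_wei / WEI_PER_NATIVE:g}"
        )
    return findings


def harden_spend_policy(policy: dict, cap_wei: int) -> dict:
    """Return a copy with per-action approval required, no standing grant, and a lowered cap."""
    hardened = json.loads(json.dumps(policy))  # deep copy via JSON round-trip
    spend = hardened.setdefault("spend", {})
    spend["approval_required"] = True
    spend["approval_granted"] = False
    spend["max_daily_native_wei"] = str(cap_wei)  # keep the string encoding the file uses
    return hardened


def audit_policy_file(path: Path, max_ok_wei: int) -> list[str]:
    """Audit a policy file on disk; a missing file is reported rather than treated as safe."""
    if not path.exists():
        return [f"{path} not found: run setup in a test workspace and re-check"]
    return audit_spend_policy(json.loads(path.read_text()), max_ok_wei)


if __name__ == "__main__":
    limit = WEI_PER_NATIVE // 10  # hypothetical comfort limit: 0.1 native units
    for line in audit_policy_file(Path.home() / ".xclaw-agent" / "policy.json", limit):
        print("FINDING:", line)
    print(json.dumps(harden_spend_policy(SAMPLE_POLICY, limit), indent=2))
```

Run it after setup and before funding; the hardened output is what to write back only once the cap and approval model match what you actually intend.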
Installing or invoking this skill can change how your OpenClaw gateway handles Telegram approval callbacks, which may be hard to audit or undo if you do not expect it.
The skill modifies an installed OpenClaw gateway bundle rather than only operating within its own files, creating a persistent change to core agent infrastructure.
This script patches the installed OpenClaw gateway bundle so Telegram inline-button callbacks ... approve X-Claw trades strictly via agent-auth, without routing through the LLM/message pipeline.
Use a separate test OpenClaw workspace first, back up your OpenClaw installation/configuration, and only allow the gateway patch if you trust the X-Claw code and approval model.
Running an ordinary X-Claw skill command may silently attempt to patch and restart OpenClaw components, not just execute the requested wallet/runtime command.
The normal skill wrapper auto-runs the gateway patcher by default and permits restart behavior unless the user disables it.
if os.environ.get("XCLAW_OPENCLAW_AUTO_PATCH", "1")... subprocess.run(["python3", str(patcher), "--json", "--restart"], ...)
Set XCLAW_OPENCLAW_AUTO_PATCH=0 unless you explicitly want this behavior, and run any gateway patching as a deliberate setup step after review. Note that the wrapper passes --restart by default, so an unexpected patch can also restart gateway components.
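An added example (not X-Claw's or OpenClaw's code) covering the two recommendations above, backing up the gateway and refusing to run while auto-patching is on: a pre-flight check that fails if XCLAW_OPENCLAW_AUTO_PATCH is not 0 and compares the installed gateway bundle against a saved SHA-256 manifest so a silent patch shows up as a file diff. It assumes the wrapper's gate means "patch unless the variable is exactly 0" (the finding shows only the default) and takes the bundle location as a hypothetical argument, since the real path is not on the page.

```python
"""Added example (not part of X-Claw, OpenClaw or ClawScan): pre-flight checks
to run before any X-Claw command. Assumptions: the wrapper's gate is modelled
as "patch unless XCLAW_OPENCLAW_AUTO_PATCH is exactly '0'", and the gateway
bundle directory is a hypothetical argument."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def auto_patch_enabled(env: dict) -> bool:
    """Mirror the wrapper's default-on gate (assumed comparison against '0')."""
    return env.get("XCLAW_OPENCLAW_AUTO_PATCH", "1") != "0"


def build_manifest(root: Path) -> dict:
    """Map each file under root (relative path) to its SHA-256 hex digest."""
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest() for p in files}


def diff_manifest(before: dict, after: dict) -> dict:
    """Files added, removed or changed between a baseline and a fresh manifest."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(k for k in before.keys() & after.keys() if before[k] != after[k]),
    }


def preflight(env: dict, bundle_dir: Path, manifest_file: Path) -> list[str]:
    """Return reasons not to proceed: auto-patch still on, or bundle drifted from baseline."""
    problems = []
    if auto_patch_enabled(env):
        problems.append("XCLAW_OPENCLAW_AUTO_PATCH is not '0': the wrapper may patch and restart the gateway")
    if not manifest_file.exists():
        # First run: record the untouched bundle so later runs can detect a silent patch.
        manifest_file.write_text(json.dumps(build_manifest(bundle_dir), indent=2))
        problems.append(f"no baseline yet; wrote {manifest_file}, re-run to compare")
        return problems
    delta = diff_manifest(json.loads(manifest_file.read_text()), build_manifest(bundle_dir))
    if any(delta.values()):
        problems.append(f"gateway bundle differs from baseline: {delta}")
    return problems


def demo_tamper_detection() -> dict:
    """Constructed walk-through on a fake bundle: baseline it, then simulate a patch."""
    with tempfile.TemporaryDirectory() as tmp:
        bundle = Path(tmp) / "gateway"
        (bundle / "dist").mkdir(parents=True)
        (bundle / "dist" / "gateway.js").write_text("// constructed: original callback handler\n")
        (bundle / "package.json").write_text('{"name": "constructed-gateway"}\n')
        baseline = build_manifest(bundle)
        # A patcher that rewrites the handler and drops in a new file looks like this:
        (bundle / "dist" / "gateway.js").write_text("// constructed: patched callback handler\n")
        (bundle / "dist" / "hook.js").write_text("// constructed: injected file\n")
        return diff_manifest(baseline, build_manifest(bundle))


if __name__ == "__main__":
    bundle = Path(os.environ.get("OPENCLAW_BUNDLE_DIR", "./openclaw-gateway"))  # hypothetical variable
    if bundle.is_dir():
        for problem in preflight(dict(os.environ), bundle, Path("gateway-manifest.json")):
            print("BLOCKED:", problem)
    print(demo_tamper_detection())
```

Keep the manifest outside the bundle directory and generate it from a fresh, unpatched install; if the first comparison already reports changes, the skill has been run against that gateway before.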
Anyone who can access these environment values may be able to operate the X-Claw account or wallet functions available to the agent.
The skill relies on account credentials and may use a wallet passphrase, which is expected for this integration but sensitive.
Required: `XCLAW_API_BASE_URL`, `XCLAW_AGENT_API_KEY`, `XCLAW_DEFAULT_CHAIN` ... Common optional: `XCLAW_WALLET_PASSPHRASE`
Use a limited/test wallet, keep credentials out of chat and logs, and rotate the API key or wallet passphrase if they may have been exposed.
Local session state can influence whether approval details are treated as Telegram or non-Telegram flow, so stale or tampered session state could affect where management guidance appears.
The wrapper reads persistent OpenClaw session state to decide approval-routing behavior.
sessions_path = Path(state_dir) / "agents" / agent_id / "sessions" / "sessions.json" ... return best_channel == "telegram"
Keep the OpenClaw state directory protected and reset session state if approval routing appears wrong.
If enabled and funded, the local agent may execute trades based on remote server intents under the configured policy and follower limits.
The design allows a local agent with wallet custody to act on server-generated intents, which is purpose-aligned for copy trading but high-impact.
Copy intents are server-generated. Agent polls server and executes locally with wallet custody. Follower limits apply in strict arrival order.
Confirm copy-trading/polling behavior is desired, configure strict limits, and use a wallet with only funds you are prepared to risk.
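An added example (not X-Claw code) that models the local gate the finding describes, between server-generated intents and wallet execution, and runs the same constructed arrival sequence under the audited default spend policy and under a hardened one. "Strict arrival order" is modelled as evaluating intents in the order they arrive against the remaining daily budget, with no reordering and no halt after a rejection; the Intent fields and the 0.1-unit hardened cap are hypothetical.

```python
"""Added example (not X-Claw code): a model of the local gate between
server-generated copy intents and wallet execution. Assumption: intents are
evaluated strictly in arrival order against the remaining daily budget."""
from dataclasses import dataclass, field


@dataclass
class Intent:
    intent_id: str
    amount_wei: int
    approved: bool = False  # explicit per-action operator approval (hypothetical field)


@dataclass
class SpendGate:
    max_daily_wei: int
    approval_required: bool
    spent_wei: int = 0
    decisions: list = field(default_factory=list)

    @classmethod
    def from_policy(cls, spend: dict) -> "SpendGate":
        """Build a gate from the "spend" object quoted in the findings."""
        return cls(int(spend["max_daily_native_wei"]), bool(spend.get("approval_required", False)))

    def evaluate(self, intent: Intent) -> bool:
        """Decide one intent; the daily budget is consumed only on execution."""
        if self.approval_required and not intent.approved:
            self.decisions.append((intent.intent_id, "rejected: no approval"))
            return False
        if self.spent_wei + intent.amount_wei > self.max_daily_wei:
            self.decisions.append((intent.intent_id, "rejected: daily cap"))
            return False
        self.spent_wei += intent.amount_wei
        self.decisions.append((intent.intent_id, "executed"))
        return True


def run_intents(gate: SpendGate, intents: list) -> list[str]:
    """Feed intents through the gate in arrival order; return the ids that executed."""
    return [i.intent_id for i in intents if gate.evaluate(i)]


# Constructed arrival sequence (amounts in wei; 10**16 is 0.01 of an 18-decimal asset).
SAMPLE_INTENTS = [
    Intent("i1", 6 * 10**16, approved=True),
    Intent("i2", 5 * 10**16, approved=True),
    Intent("i3", 3 * 10**16, approved=True),
    Intent("i4", 1 * 10**16, approved=False),
]

DEFAULT_SPEND = {"approval_required": False, "approval_granted": True,
                 "max_daily_native_wei": "1000000000000000000000"}  # the audited defaults
HARDENED_SPEND = {"approval_required": True, "approval_granted": False,
                  "max_daily_native_wei": "100000000000000000"}  # hypothetical 0.1-unit cap


if __name__ == "__main__":
    for label, spend in (("default", DEFAULT_SPEND), ("hardened", HARDENED_SPEND)):
        gate = SpendGate.from_policy(spend)
        print(label, run_intents(gate, SAMPLE_INTENTS), gate.decisions)
```

Under the defaults every intent executes, including the unapproved one; under the hardened policy i2 is refused because it would push the day over the cap, i3 still executes because the budget is checked per intent rather than closed after a refusal, and i4 never reaches the cap check.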
