Emblem Ai Agent Wallet

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: emblemai-agentwallet
Version: 3.0.9

The OpenClaw AgentSkills skill bundle for 'emblem-ai-agent-wallet' is classified as benign. While it handles highly sensitive cryptocurrency operations, the documentation (SKILL.md) demonstrates a strong commitment to security and transparency. Crucially, it explicitly states that 'All wallet-modifying actions require your explicit confirmation before execution,' which prevents prompt injection from leading to unauthorized transactions. Furthermore, it details robust credential storage (AES-256-GCM encryption, `chmod 600` for sensitive files in `~/.emblemai/`), provides a comprehensive security advisory, and links to auditable open-source code, indicating a well-intentioned and responsible design.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked with wallet access, the agent may be able to initiate trades or transfers that are difficult or impossible to reverse.

Why it was flagged

The skill routes user or agent requests into a wallet CLI that can perform irreversible financial actions, but the provided instructions do not show clear transaction confirmation, amount limits, recipient verification, or a read-only default.

Skill content

"Swap $20 of SOL to USDC"; "Send 0.1 ETH to 0x..."; "All requests are routed through `emblemai` under the hood."

Recommendation

Only use this with a small, separate wallet unless the CLI provides explicit confirmations. Require manual approval for every transaction, including chain, token, amount, recipient, and fees.

What this means

Anyone or anything with this password may be able to access the same wallet, and losing it may mean losing access.

Why it was flagged

The skill requires a password that derives or unlocks wallet access; this is expected for the stated wallet purpose, but it is a high-value credential.

Skill content

"Required env vars: EMBLEM_PASSWORD" and "No recovery if lost (treat it like a private key)"

Recommendation

Use a unique strong password, do not reuse it elsewhere, keep it out of chat transcripts and logs, and prefer a limited wallet for agent activity.

What this means

Local compromise or misuse of saved session files could expose wallet access or account state.

Why it was flagged

The skill persists authentication state locally, which is purpose-aligned but sensitive because saved sessions can preserve access beyond a single interaction.

Skill content

"Checks `~/.emblemai/session.json` for a saved session" and "The session JWT is captured, saved to disk"

Recommendation

Protect the local `~/.emblemai` directory, understand how to revoke or delete sessions, and avoid using this on shared or untrusted machines.

What this means

The actual wallet behavior depends on the installed npm package, not just this instruction file.

Why it was flagged

The skill depends on a globally installed external CLI package; this is disclosed and central to the purpose, but the reviewed artifact set did not include the package code.

Skill content

`npm install -g @emblemvault/agentwallet`

Recommendation

Install only from the official package/source, verify the publisher and version, and review the CLI’s behavior before connecting a valuable wallet.