Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

wallet-mcp

v1.5.0

Generate, manage, and perform multi-chain wallet operations on Solana and EVM chains with JSON output, including batch sends, sweeps, scans, imports, and exp...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals: Crypto, Requires wallet
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (wallet manager for Solana/EVM) aligns with the code and tooling included. However, the registry lists no required environment variables or credentials while the code and documentation rely on several env vars (SOLANA_RPC_URL, EVM_RPC_URL, WALLET_DATA_DIR, .env) and on persistent local storage (~/.wallet-mcp/wallets.csv). The skill also offers commands to export/import private keys and to write configuration into OpenClaw files — capabilities that are expected for a wallet manager but are sensitive and should have been reflected in the declared requirements.
Instruction Scope
SKILL.md tightly constrains runtime behavior (must call wallet.py, synchronous commands) and documents many wallet operations (generate, send, sweep, import/export with include-keys). It explicitly instructs modifying OpenClaw files (download SKILL.md/wallet.py into ~/.openclaw and use an openclaw-setup command), references local secrets files (.env and ~/.wallet-mcp/wallets.csv), and encourages passing private keys (albeit recommending label lookups). The instructions therefore direct the agent to read and write sensitive local files and to accept private keys via CLI — all within scope for a wallet tool but high‑sensitivity actions that were not declared in the registry metadata.
Install Mechanism
Registry contains no formal install spec, but the repository includes full installation docs that instruct installing via uv (git+https://github.com/genoshide/wallet-mcp.git) or pip from GitHub. Installing as directed would pull code from a public GitHub repo and place executables on disk. No direct download-from-untrusted-URL shorteners are present, but the installation process entails running third‑party code from GitHub — a moderate risk that requires repository trust and review before install.
Credentials
The package declares no required env vars in the registry, yet the code and docs expect and load .env variables (SOLANA_RPC_URL, EVM_RPC_URL, WALLET_DATA_DIR, LOG_LEVEL). The tool also reads/writes a local wallets.csv containing private keys and provides import/export with an option to include raw private keys. Requiring no declared credentials while manipulating/consuming private keys and environment RPC URLs is a problematic omission and increases the chance of accidental exposure.
Persistence & Privilege
The project includes an openclaw-setup command and documentation that appends a wallet-mcp entry into ~/.openclaw/workspace/TOOLS.md to persist the tool in agent memory across '/new' sessions. That behavior modifies the agent's persistent configuration files (other than the skill's own files), which is an elevated privilege and should be highlighted to administrators; the registry flags do not reflect this persistence action. always:false mitigates forced inclusion, but the skill provides an explicit helper to make itself persistent.
What to consider before installing
This skill appears to be a real multi‑chain wallet manager (it implements generation, batch sends, sweeps, imports/exports and stores private keys locally). That said, proceed cautiously:

- Do not run this against real private keys or production balances until you audit the repository source and are certain you trust it. The tool stores private keys in plaintext CSV (~/.wallet-mcp/wallets.csv) and supports export/import with raw keys.
- The registry metadata omitted environment/credential declarations, yet the code reads .env and expects SOLANA_RPC_URL / EVM_RPC_URL and a WALLET_DATA_DIR. Expect to provide these values and review any .env files carefully.
- The skill includes a helper (openclaw-setup) that will append entries to your OpenClaw TOOLS.md to make the tool persist in the agent’s memory. If you do not want the tool to modify agent configuration, do not run that helper, or inspect its code first.
- Installation instructions pull code from GitHub (uv tool install git+https://github.com/...). Treat that as running third‑party code: review the repo or run it in an isolated environment (VM/container) first.
- Prefer using labels (--from-label / --to-label) rather than pasting private keys into chat or command lines; avoid --include-keys unless creating an encrypted backup in a secure location.

What would raise confidence: a clear declaration of required env vars/paths in the registry, a smaller least-privilege install option, and explicit code review confirming no hidden network endpoints or telemetry that could exfiltrate keys. If you want, I can highlight the specific source files/lines to review (e.g., openclaw/wallet.py, src/wallet_mcp/core/storage.py, and the openclaw-setup implementation) and search for network calls or file-writing code paths.


Tags: ai-agent, airdrop, claude, cryptocurrency, evm, latest, mcp, mcp-server, mcp-tools, openclaw, python, solana, telegram-bot, wallet, wallet-generator, wallet-mcp, web3
