Golden Claw
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
Golden Claw is a coherent Solana wallet skill, but it deserves review because it auto-installs mutable npm dependencies at runtime and can make irreversible wallet transfers or donations.
Only use this with a dedicated, low-value Solana wallet until the full wallet implementation and dependency chain are reviewed. Install dependencies deliberately rather than allowing surprise runtime installs, verify every destination and amount before sending or donating, and never leave wallet passwords or seed phrases in persistent agent context.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Loading the skill can trigger an npm install, which fetches and executes third-party package code on the user's machine before the requested wallet command proceeds.
The skill runs a shell/package-manager command automatically when loaded if dependencies are missing, rather than relying only on an explicit user-approved install step.
if (!fs_1.default.existsSync(path_1.default.join(skillRoot, 'node_modules'))) { ... (0, child_process_1.execSync)('npm install', { cwd: skillRoot, stdio: 'inherit' }); }
Move dependency installation to an explicit install spec or user-approved setup step, pin dependencies, and avoid automatic runtime npm install.

A future dependency update or compromised dependency could affect wallet creation, encryption, or transaction signing.
Caret version ranges allow newer dependency versions to be resolved during npm install, which is especially sensitive for a wallet skill that handles private keys and signing.
"dependencies": { "@solana/spl-token": "^0.4.0", "@solana/web3.js": "^1.98.4", "argon2": "^0.41.0", "bip39": "^3.1.0", "bs58": "^6.0.0", "ed25519-hd-key": "^1.3.0" }
Use exact dependency versions with a lockfile and reproducible install process; review dependency provenance before using real funds.

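The two preceding findings (runtime npm install and caret version ranges) share one remediation theme, so here is a single added example, written for this review and not taken from Golden Claw, that shows both controls: a manifest check that flags every dependency not pinned to an exact release, and a fail-closed replacement for the "install on load" branch that reports what the user should run instead of spawning npm. The sample manifest reuses the dependency list quoted above; the function names, the skill root path, and the injected presence flags are assumptions.

```javascript
'use strict';
// Added example for this review; not Golden Claw's code. Names and paths are assumptions.

// Exact semver only: no ^, ~, ranges, dist-tags, or URL/git sources.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Constructed sample manifest built from the dependency list quoted in the finding.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  dependencies: {
    '@solana/spl-token': '^0.4.0',
    '@solana/web3.js': '^1.98.4',
    'argon2': '^0.41.0',
    'bip39': '^3.1.0',
    'bs58': '^6.0.0',
    'ed25519-hd-key': '^1.3.0',
  },
});

// Returns one record per dependency whose version spec is not an exact release.
// devDependencies are included because build tooling for a wallet skill runs on
// the same machine that holds the signing keys.
function findUnpinnedDependencies(packageJsonText) {
  const manifest = JSON.parse(packageJsonText);
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (typeof spec === 'string' && EXACT_SEMVER.test(spec)) continue;
      let reason;
      if (/^[\^~]/.test(spec)) reason = 'caret/tilde range resolves to newer versions at install time';
      else if (/^(latest|next|\*|x|)$/.test(spec)) reason = 'dist-tag or wildcard resolves to any published version';
      else if (/^(git\+|github:|https?:|file:)/.test(spec)) reason = 'non-registry source is not pinned to a release';
      else reason = 'not an exact semver version';
      findings.push({ field, name, spec, reason });
    }
  }
  return findings;
}

// Fail-closed replacement for the runtime install branch: explain what is
// missing and what the user should run, but never spawn npm from the skill.
// Presence flags are injected (assumption) so the logic runs without a filesystem.
function checkDependenciesInstalled({ skillRoot, nodeModulesPresent, lockfilePresent }) {
  if (!lockfilePresent) {
    return { ok: false, message: `${skillRoot}: no package-lock.json; refusing to run a wallet skill with unreproducible dependencies.` };
  }
  if (!nodeModulesPresent) {
    return { ok: false, message: `${skillRoot}: dependencies not installed. Review package-lock.json, then run \`npm ci\` in ${skillRoot} yourself; this skill does not install packages automatically.` };
  }
  return { ok: true, message: `${skillRoot}: dependencies present and lock-pinned.` };
}
```

Run against the sample manifest, every one of the six entries is reported because of its caret range; the install check returns a refusal message rather than a process spawn when node_modules or the lockfile is absent.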
If the agent is given the wallet password and invokes donation with an amount, real SOL can be irreversibly transferred.
The donation function sends native SOL from the user's wallet to the configured treasury address. The shown code checks amount and balance, but does not show the GCLAW spending-limit or confirmation-threshold controls used for token sends.
const toPubkey = new web3_js_1.PublicKey(config_js_1.GCLAW_DONATE_ADDRESS); ... SystemProgram.transfer({ fromPubkey: keypair.publicKey, toPubkey, lamports: lamportsToSend })
Require explicit user confirmation for every SOL transfer, display the exact destination and amount, and apply per-transaction and daily limits to native SOL donations.

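As an added example of the recommended controls for native SOL transfers (this is not Golden Claw's code), the guard below sits in front of the transfer construction: it produces the exact destination-and-amount text the agent must display, accepts the transfer only when the user echoes that text back verbatim, enforces per-transaction and UTC-daily limits in integer lamports, and refuses a send that would leave the wallet without fee/rent headroom. The limit values, the placeholder treasury key, and all function and class names are assumptions.

```javascript
'use strict';
// Added example for this review; not Golden Claw's code. Limits, names and the
// placeholder address are assumptions.

const LAMPORTS_PER_SOL = 1_000_000_000n;
// Syntactic check only (base58 alphabet, plausible length); it does not prove the
// key is a valid ed25519 point or that the account exists on chain.
const BASE58_PUBKEY = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;

// Constructed placeholder, not the skill's real GCLAW_DONATE_ADDRESS.
const EXAMPLE_TREASURY = 'ExampLeTreasuryPubkey' + '1'.repeat(23);

// Integer lamport math; policy decisions never touch a floating-point SOL value.
function lamportsToSol(lamports) {
  const whole = lamports / LAMPORTS_PER_SOL;
  const frac = (lamports % LAMPORTS_PER_SOL).toString().padStart(9, '0').replace(/0+$/, '');
  return frac ? `${whole}.${frac}` : `${whole}`;
}

// The exact text the agent must show and the user must repeat to confirm.
function describeTransfer(toPubkey, lamports) {
  return `SEND ${lamportsToSol(lamports)} SOL (${lamports} lamports) TO ${toPubkey}`;
}

function deny(reason) {
  return { allowed: false, reason };
}

class SolTransferGuard {
  constructor({ perTxLimitLamports, dailyLimitLamports, minRemainingLamports }) {
    this.perTxLimit = perTxLimitLamports;
    this.dailyLimit = dailyLimitLamports;
    this.minRemaining = minRemainingLamports; // headroom kept for fees / rent exemption
    this.dayKey = null;
    this.spentToday = 0n;
  }

  // The daily budget resets at UTC midnight.
  rollDay(now) {
    const key = new Date(now).toISOString().slice(0, 10);
    if (key !== this.dayKey) {
      this.dayKey = key;
      this.spentToday = 0n;
    }
  }

  // Call before building SystemProgram.transfer; only an `allowed: true` result
  // should reach signing. Every denial carries a reason suitable to show the user.
  authorize({ toPubkey, lamports, balanceLamports, confirmation, now = Date.now() }) {
    this.rollDay(now);
    if (typeof lamports !== 'bigint' || lamports <= 0n) return deny('amount must be a positive lamport count');
    if (typeof balanceLamports !== 'bigint') return deny('balance must be a lamport count');
    if (!BASE58_PUBKEY.test(toPubkey)) return deny('destination is not a base58 public key');
    const expected = describeTransfer(toPubkey, lamports);
    if (confirmation !== expected) return deny(`user must confirm exactly: ${expected}`);
    if (lamports > this.perTxLimit) return deny(`exceeds per-transaction limit of ${lamportsToSol(this.perTxLimit)} SOL`);
    if (this.spentToday + lamports > this.dailyLimit) return deny(`exceeds daily limit of ${lamportsToSol(this.dailyLimit)} SOL`);
    if (balanceLamports - lamports < this.minRemaining) return deny('would leave less than the required fee/rent headroom');
    this.spentToday += lamports;
    return { allowed: true, reason: 'ok', summary: expected };
  }
}
```

The confirmation string doubles as the display string, so what the user approves is by construction what gets sent; a "yes" or a paraphrase is rejected. Amounts are BigInt lamports throughout because a float SOL value can silently round at the ninth decimal.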
Anyone, or any agent workflow, that holds the wallet password can sign transactions from this wallet.
The skill uses a wallet password to load a signing keypair and authorize blockchain transactions, which is expected for a wallet but grants high-impact authority.
const keypair = await (0, wallet_js_1.loadWallet)(password); ... sendAndConfirmTransaction(connection, transaction, [keypair])
Use a dedicated low-balance wallet, provide the password only when needed, and do not reuse passwords or seed phrases from other wallets.

If the transcript or agent context is exposed, the wallet recovery phrase is exposed with it and the funds can be stolen.
Wallet setup returns the recovery mnemonic in the agent-visible response. This is normal for wallet backup, but the phrase may enter chat history, logs, or agent context.
`🔑 BACKUP SEED PHRASE (SAVE THIS!)` ... `${result.mnemonic}`
Capture the seed phrase securely, avoid asking the agent to repeat it, and do not store it in shared chats or persistent agent memory.
