Golden Claw

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: goldenclaw
Version: 1.0.0

The skill is classified as suspicious because `dist/index.js` calls `child_process_1.execSync('npm install')` at runtime whenever `node_modules` is missing. That install fetches whatever the registry currently serves for the declared version ranges and runs any lifecycle scripts those packages ship, so a compromised `package.json` or a compromised dependency would give arbitrary code execution on the user's machine: a significant supply chain risk. The current dependencies appear benign; the problem is the mechanism, which *allows* an attack rather than being code *designed* to attack, hence 'suspicious' rather than malicious. Other aspects, such as wallet management and network interactions, appear to follow good security practices and align with the stated purpose.

Findings

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern: High Confidence
ASI05: Unexpected Code Execution
What this means

Loading the skill can run `npm install` on the user's machine, fetching and executing package code, before the requested wallet command proceeds.

Why it was flagged

The skill runs a shell/package-manager command automatically when loaded if dependencies are missing, rather than relying only on an explicit user-approved install step.

Skill content
if (!fs_1.default.existsSync(path_1.default.join(skillRoot, 'node_modules'))) {
    ...
    (0, child_process_1.execSync)('npm install', { cwd: skillRoot, stdio: 'inherit' });
}
Recommendation

Move dependency installation to an explicit install spec or user-approved setup step, pin dependencies, and avoid automatic runtime npm install.

What this means

A future dependency update or compromised dependency could affect wallet creation, encryption, or transaction signing.

Why it was flagged

Caret ranges (`^`) let `npm install` resolve any newer minor or patch release of each package (for 0.x packages, any newer patch release), so without a lockfile the code that handles private keys and signing is not fixed by `package.json` alone. That is especially sensitive for a wallet skill.

Skill content
"dependencies": {
    "@solana/spl-token": "^0.4.0",
    "@solana/web3.js": "^1.98.4",
    "argon2": "^0.41.0",
    "bip39": "^3.1.0",
    "bs58": "^6.0.0",
    "ed25519-hd-key": "^1.3.0"
}
Recommendation

Use exact dependency versions with a lockfile and reproducible install process; review dependency provenance before using real funds.

Concern: Medium Confidence
ASI02: Tool Misuse and Exploitation
What this means

If the agent is given the wallet password and invokes donation with an amount, real SOL can be irreversibly transferred.

Why it was flagged

The donation function sends native SOL from the user's wallet to the configured treasury address. The shown code checks amount and balance, but does not show the GCLAW spending-limit or confirmation-threshold controls used for token sends.

Skill content
const toPubkey = new web3_js_1.PublicKey(config_js_1.GCLAW_DONATE_ADDRESS); ... SystemProgram.transfer({ fromPubkey: keypair.publicKey, toPubkey, lamports: lamportsToSend })
Recommendation

Require explicit user confirmation for every SOL transfer, display the exact destination and amount, and apply per-transaction and daily limits to native SOL donations.

What this means

Anyone, or any agent workflow, that holds the wallet password can sign transactions from this wallet.

Why it was flagged

The skill uses a wallet password to load a signing keypair and authorize blockchain transactions, which is expected for a wallet but grants high-impact authority.

Skill content
const keypair = await (0, wallet_js_1.loadWallet)(password); ... sendAndConfirmTransaction(connection, transaction, [keypair])
Recommendation

Use a dedicated low-balance wallet, provide the password only when needed, and do not reuse passwords or seed phrases from other wallets.

What this means

If the transcript or agent context leaks, the wallet recovery phrase leaks with it, and the funds can be stolen.

Why it was flagged

Wallet setup returns the recovery mnemonic in the agent-visible response. This is normal for wallet backup, but the phrase may enter chat history, logs, or agent context.

Skill content
`🔑 BACKUP SEED PHRASE (SAVE THIS!)` ... `${result.mnemonic}`
Recommendation

Capture the seed phrase securely, avoid asking the agent to repeat it, and do not store it in shared chats or persistent agent memory.