ClawHub

HashPack Wallet

v1.0.0

Integrate HashPack for Hedera blockchain login, transaction signing, DApp connection, and account balance retrieval in web applications.

0· 555·0 current·0 all-time
by@harleyscodes
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (HashPack wallet integration for Hedera) matches the SKILL.md: all examples reference window.hashpack, connect/sign/disconnect, account IDs, and Hedera transaction types. No unrelated capabilities, credentials, or binaries are requested.
Instruction Scope
Runtime instructions are limited to client-side integration (window.hashpack), connecting, signing transactions, and querying balances. The instructions do not ask the agent to read arbitrary files, access unrelated environment variables, or transmit data to unexpected endpoints beyond the listed Hedera/HashPack endpoints.
Install Mechanism
Instruction-only skill with no install spec or code files, which is low risk. Note: there is no link to an official HashPack distribution or homepage in the metadata—you'll need to ensure the HashPack script/extension you include in your app is the official one.
Credentials
The skill declares no environment variables or credentials, and the instructions do not require secrets or unrelated service tokens. The listed API endpoints (mainnet/testnet/previewnet) are appropriate for Hedera/HashPack integration.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence or system-wide changes. It does not modify other skills or agent configuration; autonomous invocation defaults are standard and not by themselves concerning here.
Assessment
This skill is a coherent, client-side integration guide for the HashPack browser wallet and does not request credentials or perform installs. Before using it: (1) confirm you obtain HashPack from the official source (extension or script) — the skill metadata lacks a homepage/source, which reduces confidence; (2) test in a staging environment and review the permission prompts HashPack shows to users (wallets will ask to approve connections and signatures); (3) never hard-code private keys or requests for secrets in your app; (4) verify the listed endpoints (https://*.hashio.io) are the correct, official Hedera gateway endpoints you intend to use; (5) if you plan to allow an autonomous agent to use this skill, remember an agent that can act on behalf of a connected wallet can initiate transactions once the user has approved connections—ensure you understand when and how approvals happen. If you can provide an official source or homepage for this skill/implementation, confidence can be raised to high.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f3pfpb948ghy6ppspm5bcj58149aa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments