MuHaven RWA Portfolio (rehearsal)

Review

Audited by ClawScan on May 11, 2026.

Overview

This financial wallet skill is mostly purpose-aligned, but it asks users to rely on strong sandbox and confirmation guarantees while the artifacts say the current runtime may only enforce those controls as advisory.

Review this one carefully before installing. Prefer read-only mode at first, confirm that your OpenClaw runtime actually enforces the manifest sandbox, verify the @muhaven/mcp dependency and MuHaven broker, and do not authorize buy, claim, or pause actions unless you initiated them.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the fallback runtime is used, the skill and its dependency may not actually be blocked from network, file, or process behavior by the advertised sandbox policy.

Why it was flagged

For a wallet/financial skill, this materially weakens the claimed deny-default egress, filesystem, process, and secret boundaries; users could over-trust safety claims that are not enforced in the runtime the artifact says is used today.

Skill content

"fallback": "host_native" ... "fallback: host_native is what actually runs today. Sandbox + permissions become advisory in host_native mode."

Recommendation

Install only in a runtime that enforces the manifest permissions, or treat the deny-default sandbox claims as advisory until the publisher removes or clearly resolves the host_native fallback.

What this means

A mistaken or autonomous invocation could disable or alter the user's MuHaven/ZeroDev session-key setup, even if it does not move funds.

Why it was flagged

The buy/claim tools explicitly say they only stage confirmed intents, but the pause tool is described as directly activating an on-chain account-control change and is marked sensitive without the same explicit per-use confirmation wording.

Skill content

{ "name": "muhaven.position.buy", "description": "Stage a Subscription buy — emits intent for three-tier confirmation. NEVER auto-submits.", "sensitive": true } ... { "name": "muhaven.policy.pause", "description": "Activate /pause kill-switch (uninstallPlugin).", "sensitive": true }

Recommendation

Use read-only mode unless you need actions, and require an explicit human confirmation step for the pause/uninstallPlugin tool just as for buy and claim intents.

What this means

The skill can use the authenticated MuHaven broker path to read portfolio-related data and propose transaction intents.

Why it was flagged

The skill relies on a broker-owned JWT with read/propose scopes. This is disclosed and aligned with the portfolio purpose, but it is still privileged financial-account access.

Skill content

"secrets": { "storage_backend": "os_keychain", ... "references": [{ "name": "muhaven_jwt", "owner": "muhaven-broker", "audience": ["mcp.read.*", "mcp.propose.*"], "ttl_sec": 86400 }] }

Recommendation

Use only the official broker, keep the JWT in the OS keychain, review broker sessions periodically, and revoke access if you stop using the skill.

What this means

A misconfigured broker endpoint could expose wallet/session interactions to the wrong local process.

Why it was flagged

The skill communicates with a local broker daemon over a Unix socket or Windows named pipe. That is expected for this design, but users should ensure the endpoint belongs to the legitimate MuHaven broker.

Skill content

"ipc": { "unix_socket": { "allow_connect": [{ "purpose": "muhaven-broker daemon", "path_pattern": "${HOME}/.muhaven/broker.sock", "windows_named_pipe": "\\\\.\\pipe\\muhaven-broker-*" }] } }

Recommendation

Leave the broker endpoint at the default unless necessary, and verify the broker process and socket/pipe path before authorizing wallet activity.

What this means

Most wallet/API behavior depends on the pinned external package rather than the small wrapper shown here.

Why it was flagged

The included wrapper delegates the actual MCP tool behavior to @muhaven/mcp. The version is exactly pinned, which is good, but the dependency's full source is not part of the provided artifact text.

Skill content

"dependencies": { "@muhaven/mcp": "0.1.2" }

Recommendation

Verify the @muhaven/mcp 0.1.2 package and publisher provenance before installing, especially because the skill can interact with wallet and purchase flows.