Destructive delete command
- Finding
- Documentation contains a destructive delete command without an explicit confirmation gate.
Security checks across static analysis, malware telemetry, and agentic risk
The skill is clearly about AgentWallex payments, but it gives the agent high-impact payment and account-management power and only clearly gates pay/transfer actions, not all destructive account changes.
Install only if you are comfortable letting your agent access AgentWallex. Start in sandbox, use the least-privileged key available, verify any production payment details carefully, and require confirmation before any create/update/suspend/delete action as well as payments.
VirusTotal findings are pending for this skill version.
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could potentially update, suspend, or delete AgentWallex agents without an explicit confirmation workflow, which may disrupt wallets or payment operations.
The skill documents mutating AgentWallex account actions, but only transfer/pay are explicitly named for human confirmation while autonomous model invocation is enabled.
"disableModelInvocation": false, "humanConfirmation": {"required": true, "actions": ["transfer", "pay"]} ... `agentwallex_delete_agent` | Yes | Delete an agent | ... `agentwallex_agent_status` | Yes | Update agent status (active / suspended)Require explicit user confirmation for every mutating action, including create, update, suspend, and delete; document whether those actions are reversible and what funds or wallets they affect.
If the local config file or pasted API key is exposed, someone may be able to use the associated AgentWallex account permissions.
The skill handles and persists an AgentWallex API key; this is expected for the integration, but it is a high-value credential for payment/account operations.
No API key or environment variable is needed upfront — credentials are configured through conversation and stored locally. ... Credentials are stored locally at `~/.openclaw/agentwallex/config.json` with owner-only permissions (0600).
Use sandbox first, prefer least-privilege or limited production keys if available, avoid pasting keys into untrusted sessions, and rotate the key if the config file is exposed.
Running the command will delete saved AgentWallex credentials and local configuration for this skill.
The shell delete command is in user-directed uninstall documentation and is scoped to the skill's own local configuration directory.
To also remove locally stored credentials:
```bash
rm -rf ~/.openclaw/agentwallex
```
Run this command only when you intentionally want to remove the skill's stored credentials; consider backing up needed configuration first.