v1.9.2

Skill

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:07 AM.

Analysis

This appears to be a legitimate crypto wallet skill, but it gives an agent broad autonomous authority over private keys, on-chain transactions, purchases, trading, and DeFi actions.

GuidanceInstall only if you intentionally want an agent to manage a crypto wallet. Use a dedicated low-balance wallet, avoid importing valuable mnemonics, verify the npm package and source, keep any MCP HTTP server local or authenticated, and require human review for transactions wherever possible.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

SKILL.md

Agents generate and manage their own keys — no human input required. Use when: ... sending tokens, calling contracts, ... bridging tokens cross-chain ... trading perpetual futures ... buying or selling Polymarket outcome shares

The skill exposes many irreversible or financially material blockchain actions and frames them for autonomous agent use, but the provided artifacts do not show approval, spending, market, or chain-scoping controls.

User impactAn agent using this skill could spend funds, trade assets, bridge tokens, or interact with contracts in ways that may be costly or irreversible.

RecommendationUse only with explicit transaction review or external limits; start with a new low-balance wallet and avoid enabling broad autonomous use for valuable assets.

Agentic Supply Chain Vulnerabilities

SeverityMediumConfidenceHighStatusConcern

install spec

node | package: evalanche | creates binaries: evalanche-mcp

The skill relies on an external npm package and executable to implement wallet behavior. The reviewed artifact set contains only SKILL.md, so the high-impact code handling keys and transactions is not represented in the supplied files.

User impactInstalling the skill means trusting the npm package and its dependencies with wallet operations and possibly private key material.

RecommendationVerify the npm package, repository, version, and maintainer provenance before installing; pin a known-good version where possible.

Rogue Agents

SeverityMediumConfidenceHighStatusNote

SKILL.md

Storage location: `~/.evalanche/keys/` by default

The persistent keystore is disclosed and purpose-aligned, but it means the agent can retain wallet identity and signing capability across sessions.

User impactA wallet created or imported for this skill may remain available to the agent after the initial task unless the keystore is removed or access is restricted.

RecommendationTrack and protect the keystore directory, back it up only if intended, and delete or move it when you no longer want the agent to use that wallet.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

metadata

AGENT_PRIVATE_KEY (optional) - Hex-encoded private key (EVM) ... AGENT_MNEMONIC (optional) - BIP-39 mnemonic phrase

Private keys and mnemonics provide direct authority over wallet assets and identities. The artifacts disclose these secrets, but do not bound what funds, chains, or transaction types the agent may use once configured.

User impactIf configured with a funded wallet or valuable mnemonic, the agent and installed package can authorize transactions using that wallet.

RecommendationDo not provide a primary or high-value wallet. Use a dedicated wallet with limited funds, rotate keys if exposed, and prefer platform-managed secrets over raw environment variables.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

SKILL.md

HTTP mode (`--http`): localhost:3402. Do not expose publicly without auth.

The MCP HTTP mode is disclosed and limited to localhost by default, but exposing it without authentication could give other processes or users access to wallet tooling.

User impactIf the HTTP MCP server is made reachable beyond localhost without authentication, others could potentially invoke wallet functions.

RecommendationKeep MCP in stdio mode or localhost-only HTTP mode unless strong authentication and network controls are in place.