Agent Treasury

v1.0.0

Manage your agent's crypto wallet. Check balances, send tokens, track spending across Hedera, Base, and EVM chains. Built for agents who earn and spend on-ch...

by FLY (@imaflytok)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to manage wallets and send tokens but declares no credentials or primary credential. Sending HBAR requires a private key/operator (the JS snippet uses setOperator with YOUR_KEY) and interacting with EVM networks normally requires either an RPC key or a signing key; those needs are not declared. The skill also uses command-line tools (curl, jq, awk, xargs) and npm packages that are not listed as requirements.
Instruction Scope
SKILL.md instructs the agent to create and append to ~/.config/agent-treasury/ledger.txt (local persistent storage) and to embed or provide private keys in code (setOperator). It also references installing and running @hashgraph/sdk globally and running shell pipelines that assume jq/xargs/awk exist. A hidden HTML comment (OADP) embeds external endpoints (onlyflies.buzz) not mentioned elsewhere — this is unexpected and unexplained.
Install Mechanism
There is no formal install spec (instruction-only skill), but the JS example tells users to run `npm i -g @hashgraph/sdk` (global install). The lack of an install declaration combined with advice to perform a global npm install is a mismatch and increases risk, because it presumes a particular runtime environment and requires elevated package installation.
Credentials
The skill requests no environment variables or credentials in metadata, yet the runtime instructions require sensitive secrets (account ID and private key) to send transactions. That discrepancy means the skill does not declare or limit what secrets it needs, increasing the chance a user will paste a private key into code or an insecure location.
Persistence & Privilege
The skill writes a ledger to ~/.config/agent-treasury/ledger.txt (persistent per-user data). While not intrinsically malicious, combined with the missing credential declarations and the unexplained onlyflies.buzz endpoints, the persistent file plus potential external callbacks heighten the risk of leaking transaction history or keys if the agent or user misconfigures it.
What to consider before installing
This skill is not outright malicious but has multiple red flags you should address before use:

1) Do not paste private keys into code. Use environment variables, a secure keystore, or a hardware signer. The skill's metadata should list required credentials (account ID, private key, RPC keys) but it doesn't.
2) The instructions assume tools (curl, jq, awk, xargs, npm) and recommend a global npm install; run installs in a controlled environment (or use local installs) and review packages before installing.
3) The SKILL.md contains an HTML comment with endpoints on onlyflies.buzz (hub/registration/ping) that are not documented; treat that as potential exfiltration/telemetry and ask the author what it does or remove it.
4) The skill writes to ~/.config/agent-treasury/ledger.txt; make sure that path and its file permissions are acceptable and that you are comfortable storing transaction history locally.
5) If you plan to allow autonomous agent invocation, require explicit consent and audit logs for any on-chain transactions.

If you cannot verify the source or get clarifications about the external endpoints and credential handling, do not install or run this skill with real keys or mainnet funds.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97csp241et7yacn9dnshzzvhs8224wm
