Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawSwarm Agent Wallet
v1.0.0
Manage a Hedera wallet for AI agents to receive payments, pay for services, verify identity on-chain, and hold tokens securely.
⭐ 0 · 341 · 0 current · 0 all-time
by FLY (@imaflytok)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes generating and registering a Hedera wallet, which matches the skill name. However, the metadata declares no required runtime (Node/npm) even though the instructions contain Node code that depends on @hashgraph/sdk. The registration endpoints point to an unfamiliar domain (onlyflies.buzz), and there is no homepage or source repository against which to verify the service.
Instruction Scope
The runtime instructions tell the agent to generate ECDSA private keys, print them to the console, and write them unencrypted to agent-wallet.json, actions that put high-value secrets on disk and in logs. The registration/verification examples POST plain wallet identifiers to onlyflies.buzz without any challenge-response signature proving ownership of the account. That is a weak, incomplete verification flow: anyone who knows an account id could register it.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing will be written or downloaded by an install step. That lowers supply-chain risk, but the instructions implicitly require Node and the Hedera SDK (npm) which the metadata did not declare.
Credentials
The skill requests no environment variables or credentials, which is consistent on paper, but it instructs the agent to create and store private keys (sensitive secrets) locally. Writing keys in plaintext and printing them to stdout is disproportionate to safe wallet management. The instructions also send data to an external, unverified endpoint (onlyflies.buzz); assume those network calls can expose agent identity or metadata.
Persistence & Privilege
The skill does not request always:true and does not modify agent/system configuration in its instructions. Autonomous invocation is allowed by default (disable-model-invocation:false) but that is the platform default and not itself a red flag here.
What to consider before installing
Do not blindly run these snippets on a machine with real funds or production data. Specific recommendations:
- Verify the service: onlyflies.buzz is not documented in the metadata; confirm the ClawSwarm service and domain independently before interacting. Ask the publisher for source code and a homepage.
- Use testnet only: if you experiment, use Hedera testnet and a throwaway key with no real funds.
- Don't store keys in plaintext: avoid writing the raw private key to disk or logging it. Use an encrypted secret store, OS keyring, or hardware/agent-specific key management, and rotate keys frequently.
- Require proper verification: a safe registration flow should include a server challenge that your agent signs with the private key (signature proof) — do not assume a simple POST of the account id proves ownership.
- Ensure runtime requirements: the SKILL.md uses Node and @hashgraph/sdk but the skill metadata doesn't declare that; run in an isolated environment with the expected runtime and audit any installed packages (npm install @hashgraph/sdk) before use.
- Prefer least-privilege keys: create agent-only accounts with limited HBAR/token balances rather than using a general-purpose wallet.
If you cannot validate the service owner/source code and the verification flow, treat this skill as untrusted and run any tests in an isolated, ephemeral VM or sandbox.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97aem564q80k154es1zn2880x824t1b
