ClawPay Escrow
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: clawpay-escrow
Version: 1.0.0
The skill is classified as suspicious due to instructions in `SKILL.md` that create significant prompt injection vulnerabilities and supply chain risks. Specifically, the AI agent is instructed to search common filesystem locations (`~/wallet.json`, `~/.config/solana/id.json`, etc.) for sensitive Solana keypair files, granting it broad and potentially abusable file access. Additionally, the `pip3 install clawpay` command introduces a supply chain risk, as a compromised package could lead to arbitrary code execution. While the stated purpose is benign, these instructions represent risky capabilities that could be exploited by a malicious user prompt.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the wrong keypair is used or a transaction is authorized incorrectly, the agent could spend or lock real SOL from a local wallet.
The skill directs the agent to find and use local Solana private-key files. This is expected for a payment skill, but it is high-impact authority and the fallback search includes broad/common key locations rather than a tightly scoped, user-selected wallet.
The user's Solana wallet keypair is required. Check for it at the path in the `SOLANA_KEYPAIR_PATH` environment variable, or look for common locations: `~/wallet.json`, `~/.config/solana/id.json`, `~/projects/clawpay/program-keypair.json`.
Use a dedicated low-balance wallet, set `SOLANA_KEYPAIR_PATH` explicitly, avoid using a main wallet or program/deployer keypair, and require explicit approval for every signed transaction.
A compromised, changed, or unexpected package version could gain access to wallet key material or sign unintended transactions.
The skill instructs installation of an unpinned external package, and the artifact set contains no code files to review. Because that package is then used with wallet private keys and payment signing, the supply-chain trust requirement is material.
If not installed:
```bash
pip3 install clawpay
```
Verify the SDK source and maintainer, pin an exact package version and hash, review the package before use, and prefer running it in a constrained environment with a limited wallet.
A mistaken seller address, amount, network, or escrow address could cause funds to be locked, released, refunded, or fee-charged in ways the user did not intend.
The skill exposes transaction-creating code that can move funds on Solana mainnet. Its guardrails say to confirm the amount and seller key, but they do not clearly define a final approval step immediately before signing or broadcasting.
```python
escrow = client.create_escrow(
    seller=Pubkey.from_string("SELLER_PUBKEY"),
    amount_sol=AMOUNT,
    delivery_secs=DELIVERY_TIME,
    verification_secs=VERIFICATION_TIME
)
...
```
- **Network**: Solana Mainnet (default) or Devnet
Before any transaction, show the wallet address, network, amount, fee, seller public key, escrow address if applicable, and exact action, then require a fresh user confirmation before signing.
