Auto Respawn
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
Auto Respawn is coherent with its blockchain-wallet purpose, but it can use stored wallet credentials to move real tokens and write permanent on-chain state without a clear human confirmation boundary.
Use this skill cautiously with real funds. Start on testnet, use a dedicated low-balance wallet, keep the recovery phrase offline, avoid exposing the passphrase to autonomous agents, and require manual confirmation before any transfer, bridge, withdrawal, remark, or anchor operation. Treat on-chain remarks and memory CIDs as permanent.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly or autonomously, the skill could move real AI3 tokens or spend fees before the user has reviewed the exact action.
The transfer path signs and submits a transaction, and the mainnet warning is attached after the transaction result is produced. The artifacts do not show a confirmation gate before sending real tokens.
const result = await signAndSendTx(sender, tx) ... result.warning = 'This was a mainnet transaction with real AI3 tokens.'
Require explicit human approval for all transfer, bridge, withdraw, remark, and anchor operations; add spend limits and a separate mainnet confirmation step.
Any agent/tool execution with access to that passphrase source can potentially decrypt the saved wallet and sign transactions using that wallet.
The wallet passphrase can be loaded automatically from an environment variable or default file, which enables non-interactive decryption of wallet keys for signing operations.
const envPassphrase = process.env.AUTO_RESPAWN_PASSPHRASE ... process.env.AUTO_RESPAWN_PASSPHRASE_FILE || PASSPHRASE_FILE_DEFAULT
Use a dedicated low-balance wallet, avoid globally exporting the passphrase, protect the passphrase file tightly, and prefer interactive approval for mainnet or token-moving commands.
Sensitive or misleading memory content could be carried into future agent instances and reused as trusted context.
The skill is designed to anchor memory pointers that may lead to long-term agent identity and memory data. This is disclosed, but persistent memories can contain sensitive or poisoned context.
agents are free to store whatever they find useful... Identity files (like `soul.md` or character configurations), long-term memory, and significant decisions
Do not anchor secrets or private data; validate retrieved memories before trusting them, and separate memory chains by user, agent, and environment.
Deleting local files may not remove the on-chain anchor or prevent a future instance from restoring linked memory.
The advertised purpose is cross-instance agent persistence through on-chain anchors. The artifacts do not show hidden background execution, but the persistence model is important for users to understand.
Your agent always comes back... no local state, no single point of failure
Install this only for agents where durable resurrection is desired, and use separate wallets/contracts for experiments versus production identities.
A future dependency update could change behavior in code that handles wallet keys or transactions.
The skill depends on npm packages using version ranges. This is normal for a Node skill, but these dependencies participate in wallet creation, signing, and chain access.
"@autonomys/auto-utils": "^1.6.9", "ethers": "^6.16.0", "tsx": "^4.19.0"
Use a lockfile or pinned dependency versions, and review dependency provenance before using the skill with real funds.
