Botwallet -- Let Your Agent Earn & Spend

Security checks across malware telemetry and agentic risk

Overview

This is a real-money wallet skill that is mostly transparent, but it gives agents financial authority and includes an automatic invoice flow that needs careful review.

Install only if you intentionally want an agent to operate a real USDC wallet. Use a dedicated low-balance wallet, strict per-transaction and daily limits, merchant allowlists, and approval requirements for withdrawals and unfamiliar services. Require explicit confirmation before any payment, withdrawal, paylink, invoice, or x402 purchase, and treat ~/.botwallet/seeds/* and BOTWALLET_API_KEY as secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
The README explicitly markets capabilities to pay, request funds, and withdraw real USDC, but it does not prominently warn users that blockchain transfers can be irreversible, that mistakes may cause permanent loss of funds, or that use of the skill exposes the agent to real financial operations. In the context of an agent skill, this omission is more dangerous because users may install and delegate payment actions to an automated system based on the README alone, underestimating the operational and financial risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to create and send a sample invoice to the human immediately after wallet claim, but it does not require obtaining explicit consent right before generating and transmitting a payment request. Even if framed as a demo, this can cause unauthorized solicitation, user confusion, or social pressure to pay, especially because the skill encourages making it "fun" and "engaging."

Vague Triggers

Medium
Confidence: 88%
Finding
The manifest markets the skill with broad payment and wallet language such as 'pay, earn, invoice' and includes generic tags like 'payments', 'wallet', 'finance', and 'api'. In an agent ecosystem that auto-selects skills from metadata, this can cause the skill to be invoked for loosely related financial tasks, increasing the chance that an agent grants network/shell-capable wallet functionality in situations where it is unnecessary or unsafe.

VirusTotal

66/66 vendors flagged this skill as clean.
