W3connect
Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill is meant for crypto payments, but it tells the agent to call an unreviewed local wallet service with 2FA codes and no clear transaction-confirmation limits.
Use this only if you recognize and trust the local service running on 127.0.0.1:5333. Before giving any authenticator code, verify the exact chain, token, amount, recipient address or email, and fees, and consider disabling autonomous agent invocation for payment actions.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses the wrong recipient, token, chain, or amount after receiving a code, funds could be sent irreversibly.
This raw HTTP request is documented as the way to send ETH or USDC. The artifacts do not require a separate transaction preview, user confirmation, or limits on recipient and amount before the agent can call it.
curl http://127.0.0.1:5333/send?code=[code]&chain=[chain]&to_address=[to_address]&token=[token]&amount=[amount]
Require explicit user confirmation of the exact chain, token, amount, recipient/email, and fee before every transfer; prefer wallet-native signing prompts or a safer scoped payment interface.
If the transaction details are not tightly checked, providing a 2FA code may let the agent authorize a payment during the code’s validity window that goes beyond what the user intended.
The authenticator code is a delegated authorization factor for wallet transactions. The skill treats it as an agent parameter and the registry does not declare a credential contract for this authority.
Pass the parameters with the Google or Microsoft Authenticator One Time Pass `code` to verify.
Only provide a code after reviewing the exact transaction in a trusted interface. The skill should declare its credential requirements and avoid passing one-time codes in URL query strings.
Users cannot verify from these artifacts what software is actually receiving the authenticator code, signing transactions, or calling the payment API.
The artifacts provide no reviewed implementation or provenance for the localhost wallet service that the skill relies on for high-impact financial transfers.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; No code files present
Provide a trustworthy source, install instructions, pinned/auditable implementation, and a clear description of the localhost service and its security model.
Recipient email addresses and payment details may be shared with an external payment service.
Pay-to-email necessarily sends recipient email and transaction-related data through a payment API, but the artifacts do not describe the API endpoint, retention, or privacy boundaries.
We need an on-chain call and then an API call to PUSDC. ... to_email: The email address we are sending to.
Use this only when the recipient email can be shared with the payment provider, and request clearer documentation of the provider endpoint and data handling.
