Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AWP Wallet Skill
v0.15.0
Use when the user says "send ETH/USDC to 0x...", "check my balance", "how much do I have", "approve token spending", "sign this message", "estimate gas", "wh...
by awp-core@kilb
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
Name/description match the files and commands: this is an EVM wallet CLI with balance, send, approve, sign, gasless flows. Requested binaries (node, git, openssl, npm) and an npm package install are reasonable for this purpose. Installer creating a per-user wallet directory and CLI shim is consistent with a wallet tool.
Instruction Scope
SKILL.md instructs the agent to clone/run the installer, init/unlock the wallet and run CLI commands. Those instructions are within wallet scope (balance, send, sign). However, the guide relies on session tokens and contains actions that can export seeds or sign arbitrary messages. The file-level guidance asks the agent to confirm transfers, but that is a human-facing convention in the README — the CLI and scripts will perform operations programmatically if invoked. The SKILL.md does not clearly enumerate all environment variables or config-driven behaviors the code will read at runtime (see environment_proportionality).
Install Mechanism
Installer clones a GitHub repo and runs npm install — a generally standard flow. But install.sh will create ~/.local/bin symlink, and persist PATH changes by appending to the user's shell RC file (.bashrc, .zshrc or .profile). It also writes profile data under $HOME/.openclaw-wallet and can save API keys to a profile .env. The installer attempts npm link (including sudo fallback) and writes files to the user home; these persistent modifications are legitimate for a CLI wallet but are higher-risk than an instruction-only skill and should be accepted only after inspecting the source.
Credentials
Registry metadata declares no required environment variables, but the code clearly reads and relies on several env vars at runtime: PIMLICO_API_KEY / ALCHEMY_API_KEY / STACKUP_API_KEY (for bundler/paymaster/gasless paths), arbitrary env placeholders used to expand RPC URL templates (getRpcUrl substitutes process.env[k]), and optional WALLET_PASSWORD, AWP_AGENT_ID, AWP_SESSION_ID. createClients will throw if bundler providers are configured but no API keys are set. In short: the skill may require or read sensitive keys and arbitrary env vars not declared in metadata — this is a mismatch and a potential surprise.
Persistence & Privilege
The skill does not request always:true, but the installer creates persistent state: ~/.openclaw-wallet, wallet keystore files, a session-secret file, and may persist API keys to a profile .env. It also edits shell rc files to add ~/.local/bin to PATH and may run npm link (including sudo). These are expected for a wallet but are privileged, long-lived changes that warrant manual review before granting.
What to consider before installing
This skill appears to be a legitimate EVM wallet CLI, but it makes persistent changes and handles secrets — so proceed only if you trust the source and have reviewed the code, especially the keystore/session code. Things to consider before installing:
- The installer will clone from GitHub, run npm install, add ~/.local/bin to your PATH (it may append to your shell rc) and create $HOME/.openclaw-wallet where keys/sessions/config live. If you don't want those changes, do not install.
- The CLI exposes powerful operations: export (mnemonic), sign-message, unlock (session tokens) and can send transactions. If an agent is tricked into running export or unlock with full scope, it could leak your seed or sign transactions. Never provide your mnemonic/private key to an untrusted agent.
- The package will read environment variables for gasless providers and RPC templates (PIMLICO_API_KEY, ALCHEMY_API_KEY, STACKUP_API_KEY and arbitrary names referenced in your config). Those env vars are not declared as required in the registry metadata — expect runtime errors or hidden dependencies if config references missing variables.
- The installer may attempt sudo npm link if normal linking fails — be cautious about running scripts that invoke sudo.
- If you plan to use this skill: (1) review scripts/lib/keystore.js and session.js to understand how secrets are stored and exported, (2) verify the upstream GitHub repo and the npm package checksum, (3) consider running in an isolated environment or throwaway account, and (4) avoid using the 'export' or 'unlock --scope full' commands unless you explicitly trust the runtime and agent.
Given the combination of persistent file writes, shell rc modifications, and undeclared environment dependencies, I recommend manual code review (especially keystore/session) before installing; if you cannot review, treat this skill as risky and avoid installing it on machines holding real funds.
Runtime requirements
💰 Clawdis
Bins: node, git, openssl
Any bin: npm
Install
Node
Bins: awp-wallet
npm i -g awp-wallet