AWP Skill
ReviewAudited by ClawScan on May 10, 2026.
Overview
This AWP skill is a disclosed crypto-wallet toolkit, but users should treat it carefully because it can authorize real blockchain transactions and optionally run a background monitor.
Install only if you intend to manage AWP/worknet activity with this agent. Use a trusted awp-wallet installation, keep the session token limited, verify every transaction before signing, and enable the daemon/OpenClaw notifications only if you want ongoing monitoring.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with an unlocked wallet/session token, the skill can authorize real wallet actions.
The skill requires delegated wallet authority and can sign blockchain transactions, which is expected for AWP staking/on-chain operations but is sensitive.
Primary credential: AWP_WALLET_TOKEN; Capability signals: requires-wallet, can-sign-transactions
Use a dedicated wallet where possible, unlock only when needed, and verify each requested chain, address, amount, and operation before allowing transaction-signing commands.
Mistaken parameters could approve, deposit, lock, allocate, withdraw, or otherwise change AWP-related assets on-chain.
The script performs token approval and sends an on-chain deposit transaction. This is purpose-aligned, but it can lock or move assets.
wallet_approve(token, awp_token, ve_awp, amount) ... result = wallet_send(token, ve_awp, calldata)
Run mutation scripts only after explicit user intent, and review transaction details in the wallet before signing.
Installing the wallet helper from an unexpected or changed source could affect wallet safety.
The skill relies on an external wallet CLI. This dependency is central to the purpose, but the visible artifact does not pin a specific release or commit.
Wallet: awp-wallet CLI — install from https://github.com/awp-core/awp-wallet
Install awp-wallet only from the official repository or a verified release, and consider pinning/reviewing the version used.
If started, the daemon can continue monitoring and writing status/notification files until stopped.
The daemon is a long-running background monitor. The documentation says it is opt-in and does not auto-install or auto-initialize wallets, so this is disclosed persistence rather than hidden behavior.
Runs continuously: 1. Send welcome message ... 6. Monitor: registration state changes, new worknet detection
Start the daemon only if you want ongoing monitoring, and stop it when no longer needed.
AWP status notifications may be sent to the configured OpenClaw channel or target.
When OpenClaw is installed and ~/.awp/openclaw.json contains a channel and target, the daemon can send notification messages externally.
openclaw_bin, "message", "send", "--channel", channel, "--target", target, "--message"
Configure OpenClaw targets deliberately and avoid putting sensitive wallet or operational details in notification destinations you do not trust.