Handshake58 DRAIN
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: drain-mcp
Version: 1.8.0
The skill is classified as suspicious due to its requirement for a `DRAIN_PRIVATE_KEY` (a private blockchain wallet key) and the instruction in `SKILL.md` to install a global npm package (`npm install -g drain-mcp`). While the documentation is highly transparent about the local-only use of the private key for signing and provides strong security recommendations (e.g., use an ephemeral wallet, audit the source code), the inherent risk of handling such a sensitive credential and executing external code warrants a 'suspicious' classification. There is no evidence of intentional malicious behavior, such as data exfiltration or prompt injection against the agent, beyond the skill's stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the configured wallet has funds, the MCP server and agent can authorize payments or on-chain transactions using that wallet.
The skill requires a wallet private key with authority to sign financial transactions. Even though this is purpose-aligned and the docs recommend an ephemeral wallet, it is high-impact delegated authority.
`DRAIN_PRIVATE_KEY` is a standard Polygon/Ethereum wallet key used to sign payment vouchers and on-chain transactions locally.
Use only a fresh, low-balance wallet; never use a main wallet; require manual approval for channel opening, approvals, and spending; and monitor the wallet and payment channels.
An agent could incur repeated costs, open channels, or leave funds locked if it acts too broadly or chooses a provider/session incorrectly.
The tool can automate provider selection, payment-channel management, and repeated paid requests. The artifact does not define mandatory user confirmation, hard spending caps, or clear stop conditions.
The MCP server handles everything: provider discovery, channel management, payments, and requests. ... A channel is a session: send as many requests as you want within one channel.
Before use, set strict spending limits, require user confirmation for paid actions, review provider pricing, and confirm channel close/reclaim steps.
If the npm package or its dependencies are compromised or differ from the documented behavior, the configured wallet and paid requests could be abused.
The documentation directs users to install a global external npm package and configure it with a wallet private key, but the supplied artifact set contains no package code for review.
npm install -g drain-mcp ... "DRAIN_PRIVATE_KEY": "0x_your_polygon_wallet_private_key"
Verify the npm package, repository, version, and integrity before installing; inspect the code if possible; avoid main-wallet keys; and run it in an isolated environment.
Prompts, files, or other request content sent through this MCP may be visible to the selected provider.
Requests and payment vouchers are sent to marketplace provider URLs. This is expected for the marketplace model, but it means prompts and request data may go to third-party providers.
POST {provider.apiUrl}/v1/chat/completions ... X-DRAIN-Voucher: {"channelId":"0x...","amount":"150000","nonce":"1","signature":"0x..."}
Review provider identity and documentation before sending sensitive data, and avoid using confidential prompts unless you trust the provider and its privacy practices.
