ERC8004 Agent
Verdict: Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill’s blockchain identity purpose is coherent, but it gives broad wallet-signing power through external components and may persist sensitive session tokens, so it needs careful review before use.
Install only if you are comfortable operating blockchain wallet infrastructure. Use a fresh low-value wallet, review and pin the SDK/proxy code, require explicit approval for every signature or transaction, and avoid storing session tokens in MEMORY.md.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or prompt-injected agent could request signatures that spend gas, change onchain identity state, or delegate wallet authority.
The skill documents generic wallet transaction and authorization signing, not only fixed ERC-8004 registration or SIWA messages. The artifacts do not define an allowlist or explicit per-signature review gate.
signTransaction(tx) → { signedTx, address } ... signAuthorization(auth) → SignedAuthorization
Use a dedicated low-value wallet, require explicit user confirmation for every signature and transaction, and restrict the signer to approved domains, contract addresses, and methods.
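One way to implement the per-signature review gate this finding recommends, as an added example that is not code from the ClawScan report or the SIWA SDK: a policy check on the recipient address, 4-byte method selector and value of each `signTransaction(tx)` request, followed by an explicit operator confirmation before the request reaches the real signer. The `{ to, value, data }` transaction shape, the allowlisted address and selector, and the `confirm` callback are assumptions (constructed placeholders).

```javascript
// Added example; not code from the ClawScan report or the SIWA SDK. A policy
// gate in front of a generic signTransaction(tx): the agent may only sign calls
// to allowlisted contracts and methods, under a value cap, and only after an
// explicit operator confirmation on every request. Assumed: tx = { to, value,
// data } with hex-string fields; allowlist and confirm callback are operator config.
// Constructed placeholder: hypothetical identity-registry address -> allowed selectors.
const DEFAULT_ALLOWLIST = {
  "0x00000000000000000000000000000000000000a1": new Set(["0x12345678"]),
};
const DEFAULT_MAX_VALUE_WEI = 10n ** 15n; // 0.001 ETH per transaction

function normalizeAddress(addr) {
  if (typeof addr !== "string" || !/^0x[0-9a-fA-F]{40}$/.test(addr)) return null;
  return addr.toLowerCase();
}
// First 4 bytes of calldata name the method; a plain transfer has none.
function selectorOf(data) {
  if (!data || data === "0x") return null;
  if (!/^0x[0-9a-fA-F]*$/.test(data) || data.length < 10) return "malformed";
  return data.slice(0, 10).toLowerCase();
}
function valueWei(value) {
  if (value === undefined || value === null) return 0n;
  try { return BigInt(value); } catch { return null; }
}
// Pure policy decision; signs nothing. Returns { allowed, reason }.
function evaluateTx(tx, allowlist = DEFAULT_ALLOWLIST, maxValueWei = DEFAULT_MAX_VALUE_WEI) {
  const to = normalizeAddress(tx.to);
  if (!to) return { allowed: false, reason: "missing/malformed recipient; contract creation not allowed" };
  const selectors = allowlist[to];
  if (!selectors) return { allowed: false, reason: `recipient ${to} not on allowlist` };
  const value = valueWei(tx.value);
  if (value === null) return { allowed: false, reason: "malformed value" };
  if (value > maxValueWei) return { allowed: false, reason: `value ${value} wei exceeds cap` };
  const sel = selectorOf(tx.data);
  if (sel === "malformed") return { allowed: false, reason: "malformed calldata" };
  if (sel === null) return { allowed: false, reason: "plain value transfer not allowed" };
  if (!selectors.has(sel)) return { allowed: false, reason: `method ${sel} not allowed for ${to}` };
  return { allowed: true, reason: "ok" };
}

// Wraps the SDK's signTransaction: policy first, then a human decision, then signing.
async function gatedSignTransaction(tx, signTransaction, confirm, allowlist, maxValueWei) {
  const verdict = evaluateTx(tx, allowlist, maxValueWei);
  if (!verdict.allowed) throw new Error(`policy rejected transaction: ${verdict.reason}`);
  const summary = { to: tx.to, value: String(valueWei(tx.value)), method: selectorOf(tx.data) };
  if (!(await confirm(summary))) throw new Error("operator declined to sign");
  return signTransaction(tx); // only now reaches the real signer
}
```

The same shape of gate (allowlisted domains instead of contracts) applies to `signAuthorization(auth)` and SIWA message signing; the point is that nothing reaches the signer without both a policy pass and a human decision.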
Anyone who obtains the proxy secret or controls the proxy environment may be able to sign as the agent wallet.
These secrets control or unlock the wallet used for the agent’s onchain identity. This is high-impact credential authority, and the registry metadata does not declare required credentials or environment variables.
Set `KEYRING_PROXY_SECRET` (shared HMAC secret) and either `KEYSTORE_PASSWORD` ... or `AGENT_PRIVATE_KEY` (to use an existing wallet).
Treat these as wallet credentials: store them only in trusted infrastructure, rotate them if exposed, and do not fund the wallet beyond what the task requires.
A compromised or unexpected SDK/proxy implementation could misuse signing authority or expose wallet-related secrets.
The skill is instruction-only but depends on an unpinned npm package and an external keyring proxy template. Those components handle signing and private-key custody, yet their code/provenance is not included in the reviewed artifacts.
npm install @buildersgarden/siwa ... [Deploy on Railway](https://railway.com/deploy/siwa-keyring-proxy?referralCode=ZUrs1W)
Review and pin the SDK and proxy source before use, self-host the proxy where possible, and verify checksums or package versions rather than installing the latest package blindly.
A stored session token could let someone act as the agent until the token expires.
The same section describes MEMORY.md as public data only, but this table says session tokens may be stored there. Persistent tokens in agent-readable memory can be leaked, reused, or carried into later tasks.
| Sessions | Medium | Session tokens (short-lived) |
Do not store JWTs or session tokens in MEMORY.md unless encrypted and expired quickly; prefer in-memory-only storage or a dedicated secret store with cleanup.
