ClawHub

Openclaw Wallet

Security checks across malware telemetry and agentic risk

Overview

This is a coherent crypto wallet skill, but it gives an agent broad financial and key-handling authority with automatic setup and persistent credentials.

Install only if you are comfortable letting an agent operate a crypto wallet. Review the npm package and pin a trusted version before use, require explicit approval for installation, API registration, wallet creation, key export, transfers, swaps, bridges, fee claims, token launches, and any raw RPC call, and do not fund the wallet until you understand where credentials and seed material are stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The manifest description frames the skill as a wallet/trading toolkit but omits that it also exposes arbitrary low-level RPC access across supported chains. This is dangerous because agents or users may grant or invoke the skill under a narrower trust model than its actual capability set, increasing the chance of misuse or unexpected blockchain interactions.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The generic rpc_call tool allows direct invocation of arbitrary blockchain RPC methods, which is substantially broader than ordinary wallet, quoting, and trade execution flows. In an agent setting this can bypass higher-level safety checks, enable unintended state-changing calls, and expand the attack surface to whatever the underlying RPC providers permit.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation says authentication is automatic and that the plugin will auto-register for an API key and persist credentials to ~/.loomlay/credentials.json, but it does not clearly warn about the resulting network call and local secret storage side effects. In an agent context, silent credential provisioning and persistence can violate user expectations and create unmanaged secrets on disk.

Session Persistence

Medium
Category
Rogue Agent
Content
On first interaction with a user (or when the skill is first loaded), run this setup sequence:

```javascript
const { wallet_get, wallet_create } = require('@loomlay/openclaw-wallet-plugin');

// 1. Check if a wallet already exists
const existing = await wallet_get();
Confidence
84% confidence
Finding
create } = require('@loomlay/openclaw-wallet-plugin'); // 1. Check if a wallet already exists const existing = await wallet_get(); if (!existing.success) { // 2. No wallet yet — create one const

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal