Openclaw Wallet
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: openclaw-wallet
Version: 0.1.5
The skill bundle is classified as suspicious due to its extensive high-risk capabilities, despite including security best practices. The `SKILL.md` file instructs the AI agent to handle extremely sensitive data like cryptocurrency seed phrases and private keys (via `wallet_create` and `wallet_export_keys`), perform irreversible financial transactions (swaps, transfers, bridges), launch tokens, and execute arbitrary RPC calls to blockchain nodes. It also involves installing an external npm package (`@loomlay/openclaw-wallet-plugin`) and managing credentials in `~/.loomlay/credentials.json`. While these capabilities are aligned with the stated purpose of a multi-chain wallet tool, they present a significant attack surface for prompt injection, allowing an attacker to potentially trick the agent into misusing these powerful tools for unauthorized actions or data exposure.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent misunderstands a request or a confirmation is handled poorly, funds could be swapped, bridged, transferred, or used in a token launch in ways that may be irreversible.
The skill exposes actions that can move or affect crypto assets, including whole-balance operations, across multiple chains.
token swaps with flexible amounts ($100, 50%, max), cross-chain bridges ... execute trades ... launch tokens
Use only with explicit per-transaction approval that includes chain, token, amount, recipient, slippage, fees, and final quote; avoid `max` amounts and keep only limited funds in the wallet.
A wallet and associated sensitive seed phrase may be created and placed into the agent conversation flow before the user fully expects it.
The instructions encourage proactive first-run behavior that can create a wallet when the skill is loaded or first used, not only after a direct wallet-creation request.
On first interaction with a user (or when the skill is first loaded), run this setup sequence ... if (!existing.success) { ... wallet_create(); }
Require an explicit user request before first-time wallet creation, and display seed phrases only when the user is ready to store them securely.
Anyone or anything with access to that credential file may be able to use the Loomlay-linked wallet service as the user.
The skill discloses local persistence of provider credentials, which is expected for authentication but should be protected.
Authentication is automatic. On first use, the plugin auto-registers for an API key and saves it to `~/.loomlay/credentials.json`.
Protect `~/.loomlay/credentials.json`, understand how to revoke the API key, and remove the file if you stop using the skill.
Exposure of the seed phrase or private keys can lead to complete loss of wallet funds.
The skill explicitly handles wallet seed phrases and private keys, which are the ultimate authority over crypto funds.
wallet_create() // → { wallet: { solanaAddress, evmAddress }, seedPhrase, message } ... wallet_export_keys({ seedPhrase: '12 word phrase here' }) // → { solanaPrivateKey, evmPrivateKey }
Use a new low-balance wallet, never provide an existing production seed phrase, and export private keys only when absolutely necessary.
The code that would handle credentials, seed phrases, private keys, and transactions was not available in these artifacts for static review.
The skill requires installing an external npm package for the actual wallet implementation; the provided artifact set contains no code files for that package.
npm install @loomlay/openclaw-wallet-plugin
Review the npm package and source repository before installing, pin a known version, and avoid using it with significant funds until the implementation is trusted.
