Back to skill

Security audit

Openclaw Wallet

Security checks across malware telemetry and agentic risk

Overview

This crypto wallet skill is purpose-aligned but gives an agent broad financial, key-handling, RPC, and persistent credential authority that needs careful review.

Install only if you intentionally want an agent to operate a crypto wallet. Pin and review the npm package before use, use a dedicated low-value wallet, require explicit approval for installation, API registration, wallet creation, key export, swaps, transfers, bridges, token launches, fee claims, and every raw RPC call, and periodically remove or rotate credentials stored in ~/.loomlay/credentials.json.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The skill exposes a low-level `rpc_call` capability that materially expands what an agent can do beyond the high-level wallet/trading behavior described in the manifest. Raw RPC access can be used to query or interact with chains in ways not obvious to users or orchestrators, weakening least-privilege assumptions and increasing the chance of misuse or unsafe invocation.

Context-Inappropriate Capability

Low
Confidence
78% confidence
Finding
Automatic API-key registration and persistence to `~/.loomlay/credentials.json` go beyond simple wallet/trading operations and create an external account plus a local credential artifact without prominent disclosure. In agent environments, that can surprise users, complicate auditability, and leave credentials behind on shared or ephemeral hosts.

Vague Triggers

Medium
Confidence
72% confidence
Finding
The invocation text is broad enough to trigger for many generic requests about wallets, trading, research, or token launches. Over-broad routing increases the chance an agent loads a powerful skill unnecessarily, exposing transaction, key-management, and RPC capabilities in contexts that may not require them.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill describes automatic API-key registration and local credential storage without a strong user-facing warning that an external account may be created and credentials written to disk. In sensitive environments, silent account creation and persistence can violate user expectations and security policies.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.