OpenClawCash
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
OpenClawCash is a real crypto-wallet integration, but it can let an agent move funds after broad approval and prefers unpinned external code, so it needs careful review before use.
Only use this with wallets and API keys you are comfortable delegating to an agent. Prefer testnets or low-balance wallets, enable dashboard spending and wallet scopes, avoid `operate_on_my_behalf` for real funds, verify or pin the MCP server package before using it, and never import high-value private keys unless you fully trust the provider.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could send funds, swap tokens, approve spenders, place Polymarket orders, or operate checkout escrow based on later task text without a fresh confirmation for each irreversible action.
The skill covers fund-moving actions and tells agents they may bypass per-action confirmation after one broad session approval.
`operate_on_my_behalf`: after one explicit onboarding approval, execute future write actions without re-asking ... run the corresponding write commands with `--yes`.
Use `confirm_each_write` by default, require exact wallet/token/amount/recipient review before every transaction, and enforce wallet, chain, and spending limits in the OpenClawCash dashboard.
If the npm package or its dependencies change or are compromised, the agent could run unreviewed code while holding wallet API authority.
This executes the latest remote npm package as the preferred path, but that package is unpinned and not included in the reviewed artifacts.
prefer the public OpenClawCash MCP server: `npx -y @openclawcash/mcp-server` ... Use MCP as the primary execution path
Pin and verify the MCP package version, publish reviewed source or checksums, and use a least-privilege API key until the MCP package provenance is trusted.
A leaked or over-scoped API key, imported private key, or export passphrase could allow unauthorized wallet activity or loss of funds.
Importing wallets and using an agent API key are disclosed and purpose-aligned, but they delegate sensitive wallet authority to the provider and to any agent using the key.
`POST /api/agent/wallets/import` sends a private key to OpenClawCash for encrypted storage and managed execution. ... API keys may also be scoped by chain ... and by wallet
Use dedicated low-balance wallets, avoid importing high-value treasury keys, disable wallet creation/import unless needed, and scope API keys by wallet and chain.
A user may approve or run an account-setting change while believing it is only a safe read-only check.
A command named `user-tag-set` is presented under a read-only examples heading, which can mislead a user or agent about whether it mutates account state.
# Read-only (recommended first) ... `bash scripts/agentwalletapi.sh user-tag-set my-agent-tag --yes`
Move all state-changing examples out of the read-only section and clearly document which commands mutate account, wallet, order, or escrow state.
