Skill v1.19.0
ClawScan security
OpenClawCash · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 30, 2026, 8:26 PM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill appears to implement a legitimate wallet API client, but there are important inconsistencies and high-risk behaviors (metadata mismatch, remote operations that accept private keys, and the ability to read arbitrary env var values) that you should review before installing or running it.
- Guidance
- Before installing or running this skill:
  1. Be aware that it requires an API key (AGENTWALLETAPI_KEY) and the curl binary; the registry metadata incorrectly omits both.
  2. The included CLI can import private keys and will send passphrases and private-key material to https://openclawcash.com. Use it only with API keys you trust and with minimal permissions (disable wallet import/creation if you do not need them).
  3. The CLI reads any env var whose name you pass in and transmits its value. Do not pass names that refer to other secrets, and do not keep unrelated secrets in env vars referenced here.
  4. The docs recommend 'npx -y @openclawcash/mcp-server', which downloads and runs remote code at runtime. Verify the npm package and prefer a manually reviewed install.
  5. Test on testnets and use confirm_each_write mode; restrict the API key's scope and rotate it regularly. If you are not comfortable with private-key uploads or automatic npx installs, do not install or run this skill.
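The registry-versus-scripts mismatch in guidance item (1) and the npx -y concern in item (4) can be checked mechanically before install. The script below is an added example, not ClawHub's scanner and not the skill's own code. It models the registry metadata as two space-separated lists (an assumption about the format) and runs over a constructed stand-in for the skill folder, so it works offline; point it at a real skill directory and its declared metadata to audit that instead.

```shell
#!/bin/sh
# Added pre-install audit (example code, not ClawHub's scanner and not the
# skill's own scripts).  It lists the env vars and external binaries a skill's
# files actually reference, diffs them against what the registry metadata
# declares, and flags the two patterns this review calls out: indirect env-var
# reads (${!name}) and runtime package fetches (npx -y).  The metadata is
# modelled as two space-separated lists; that format is an assumption.

# Uppercase $NAME / ${NAME} / ${!NAME} references, deduplicated.  Lowercase
# names are treated as script-local variables and ignored.
referenced_env_vars() {
    grep -ohE '\$[{]?!?[A-Z_][A-Z0-9_]*' "$@" 2>/dev/null \
        | sed 's/^\$[{!]*//' | sort -u
}

# External commands of interest, reported if they appear as whole words.
referenced_binaries() {
    for bin in curl wget npx npm node jq python3; do
        grep -qw -- "$bin" "$@" 2>/dev/null && echo "$bin"
    done
    return 0
}

# Items of newline-separated list $1 that are absent from space-separated list $2.
undeclared() {
    for item in $1; do
        case " $2 " in *" $item "*) ;; *) echo "$item" ;; esac
    done
}

# file:line hits for the two risky constructs; always succeeds so it is safe
# to call under set -e.
flag_risky_patterns() {
    grep -nHE '\$[{]![A-Za-z_]' "$@" 2>/dev/null | sed 's/^/indirect-env-read: /'
    grep -nHE 'npx +(-y|--yes)' "$@" 2>/dev/null | sed 's/^/runtime-fetch (npx -y): /'
    return 0
}

# audit_skill DIR "DECLARED_ENV..." "DECLARED_BINS..."
# Prints findings; returns 0 if clean, 1 if anything undeclared or risky was
# found, so it can gate a CI or pre-install step.
audit_skill() {
    dir=$1; declared_env=$2; declared_bins=$3; findings=0
    for v in $(undeclared "$(referenced_env_vars "$dir"/*)" "$declared_env"); do
        echo "undeclared env var: $v"; findings=1
    done
    for b in $(undeclared "$(referenced_binaries "$dir"/*)" "$declared_bins"); do
        echo "undeclared binary: $b"; findings=1
    done
    risky=$(flag_risky_patterns "$dir"/*)
    if [ -n "$risky" ]; then echo "$risky"; findings=1; fi
    return $findings
}

# Constructed stand-in for the skill folder (not the real skill's files): a CLI
# that sources .env, reads whichever variable name it is given, and posts the
# value to the service, plus a README recommending npx -y.
SKILL_DIR=$(mktemp -d)
trap 'rm -rf "$SKILL_DIR"' EXIT
cat > "$SKILL_DIR/wallet.sh" <<'EOF'
#!/usr/bin/env bash
set -a; . "$(dirname "$0")/.env"; set +a
name=$1
value=${!name}
curl -s -X POST -H "Authorization: Bearer $AGENTWALLETAPI_KEY" \
     -d "{\"value\":\"$value\"}" https://openclawcash.com/
EOF
cat > "$SKILL_DIR/README.md" <<'EOF'
Preferred install: npx -y @openclawcash/mcp-server
EOF

# Registry header as quoted in this review: no env vars and no binaries declared.
audit_skill "$SKILL_DIR" "" "" || echo "audit: review the findings above before installing"
```

Running it against the constructed folder reports AGENTWALLETAPI_KEY, curl and npx as undeclared and flags the `${!name}` expansion and the `npx -y` line; supplying `"AGENTWALLETAPI_KEY" "curl npx"` as the declared lists clears the mismatch findings but still leaves the two risky-pattern hits, which is the point: correct metadata does not make the indirection or the runtime fetch safe.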
Review Dimensions
- Purpose & Capability
- concern · SKILL.md and the scripts clearly implement an OpenClawCash agent API client that needs an API key (AGENTWALLETAPI_KEY) and curl, which is coherent with the stated purpose. However, the registry metadata in the header (Required env vars: none; Required binaries: none) contradicts SKILL.md and the scripts. That mismatch is an integrity problem: the skill actually requires an API key and curl, but the registry claim omits both.
- Instruction Scope
- concern · The runtime instructions and the included CLI script perform highly sensitive wallet operations: creating and importing wallets, sending transfers, performing swaps, and POSTing private keys to the service. The script sources a .env file in the skill folder and reads env vars by indirection: it accepts an env-var name as an argument, expands it with ${!VAR}, and sends the resulting value to the remote API. These behaviors fall within the skill's stated wallet purpose but are high-risk and must be handled carefully (imported private keys and passphrases are transmitted to openclawcash.com). SKILL.md also instructs agents to optionally operate without repeated prompts (operate_on_my_behalf), which raises the risk further unless user approvals are tightly enforced.
- Install Mechanism
- note · No install spec is provided (the skill is instruction-only), which is low-risk with respect to automatic code downloads. However, the README recommends 'npx -y @openclawcash/mcp-server' as the preferred path; npx fetches and executes code from the npm registry at runtime, and the -y flag suppresses the prompt that would otherwise ask before installing a package. Treat this as an install action with the associated risk, and verify the package's source and contents before running it.
- Credentials
- concern · Requesting AGENTWALLETAPI_KEY is proportional for a wallet client, and the skill limits its configuration to a local .env file in its own folder. However, the CLI accepts an arbitrary env-var name from the user and sends that variable's value (e.g. an export passphrase) to the remote API; a malicious agent or user could supply a different name and use this path to exfiltrate unrelated secrets. The skill also accepts private-key content on stdin and transmits it to the API, which is expected for import flows but highly sensitive: it requires explicit user understanding and an API key with limited permissions.
- Persistence & Privilege
- ok · The skill does not request 'always: true' or other elevated platform privileges. It writes a local .env file under the skill folder via setup.sh, which is normal for configuring a skill. It does not modify other skills or global agent settings.
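The indirect env-var read described under Instruction Scope and Credentials is easiest to judge when the unchecked form sits next to a hardened one. The script below is an added example, not the skill's CLI; the allowlist contents, the function names and the demo values are assumptions made for this illustration. It uses the POSIX `eval` spelling of the indirection so it runs under plain sh; in bash the same read is `${!name}`.

```shell
#!/bin/sh
# Added example (not the skill's CLI): an unchecked env-var indirection next to
# an allowlisted one.  The allowlist contents and the demo values are
# assumptions made for this illustration.

# Hypothetical: the only variables a wallet CLI should ever be asked to read.
ALLOWED_ENV_NAMES="AGENTWALLETAPI_KEY WALLET_EXPORT_PASSPHRASE"

# Unchecked pattern: dereference whatever name the caller supplies.  This is
# the POSIX spelling of bash's ${!name}.  Every variable in the process
# environment, including secrets unrelated to the wallet, becomes readable and,
# once the value is handed to curl, leaves the machine.
read_env_unchecked() {
    eval "printf '%s' \"\${$1}\""
}

# Hardened pattern: the name must be a plain uppercase identifier (so the eval
# cannot be hijacked by shell metacharacters) and must be on the allowlist.
# Anything else yields no output and status 1; callers must stop rather than
# send an empty or unexpected value to the API.
read_env_allowlisted() {
    name=$1
    case "$name" in
        '' | [0-9]* | *[!A-Z0-9_]*) return 1 ;;
    esac
    for allowed in $ALLOWED_ENV_NAMES; do
        if [ "$allowed" = "$name" ]; then
            eval "printf '%s' \"\${$name}\""
            return 0
        fi
    done
    return 1
}

# Demo with constructed values (not real credentials).
export AGENTWALLETAPI_KEY="demo-api-key"
export UNRELATED_SECRET="do-not-leak"
printf 'unchecked read of UNRELATED_SECRET: %s\n' "$(read_env_unchecked UNRELATED_SECRET)"
read_env_allowlisted UNRELATED_SECRET || echo "allowlisted read of UNRELATED_SECRET: refused"
printf 'allowlisted read of AGENTWALLETAPI_KEY: %s\n' "$(read_env_allowlisted AGENTWALLETAPI_KEY)"
```

The identifier check matters as much as the allowlist: without it, a name such as `X}; curl evil; : ${Y` would be spliced into the `eval` and executed, so the hardened function rejects any name containing characters outside `[A-Z0-9_]` before it touches the environment at all.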
