ClawHub

Kaspa Wallet

v1.0.0

Send and receive KAS cryptocurrency. Check balances, send payments, generate wallets.

0· 1.1k·0 current·0 all-time
by@manyfestation·duplicate of @manyfestation/kaspa
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Kaspa wallet) match the code and instructions: CLI wrapper, wallet creation, balance checks, sends, and RPC use. Required env vars (private key or mnemonic, optional RPC URL/network) are appropriate for a wallet.
Instruction Scope
SKILL.md and examples restrict operations to wallet-related actions (balance, send, info, fees, generate-mnemonic). The instructions ask the agent to run the included scripts and to set wallet credentials via environment variables; they do not instruct reading arbitrary files or unrelated system state.
Install Mechanism
No exotic installer; install.py creates a venv and runs pip to install the single requirement 'kaspa' from PyPI. This is expected for a Python SDK but does introduce standard PyPI/supply‑chain risk (the kaspa package from PyPI should be reviewed/verified if you care about provenance). No downloads from shorteners, personal servers, or unknown archives in the manifest.
Credentials
Requested environment variables (KASPA_PRIVATE_KEY or KASPA_MNEMONIC, optional NETWORK/RPC/timeout/KASPA_PYTHON) are directly tied to wallet operation. The skill does not declare unrelated secrets or request system credentials or config paths.
Persistence & Privilege
Skill is not always-enabled and does not modify other skills or system-wide config. Installer creates a local .venv and pip cache under the project directory — expected for a local CLI tool. No evidence of the skill persisting credentials to disk (SKILL.md and code assert keys come from env).
Assessment
This package appears to be a legitimate CLI wallet implementation and its requirements (private key or mnemonic via env, optional RPC URL) match its stated purpose. Things to consider before installing: - Review the kaspa package on PyPI (the installer uses pip to fetch it); verify the package's publisher and versions to reduce supply‑chain risk. - Inspect the included scripts (you already have them) and, if possible, run installation in an isolated environment (container or VM) before using real keys. - Prefer ephemeral environment variables (don't store secrets in shell startup files). If you plan to hold significant funds, use a hardware wallet or audited software. - Confirm the upstream source/repository (install.py references a GitHub URL) — lack of a clear homepage/origin reduces provenance; verify the repo and maintainer before trusting the binary/library versions installed by pip. Overall the skill is coherent with its purpose, but standard third‑party dependency and secret‑handling precautions apply.

Like a lobster shell, security has layers — review code before you run it.

latestvk97538gjpv5m9e5168xwdt7f8x80kdd6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments