Kaspa Wallet
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: kaspa
Version: 1.0.11

The skill bundle is classified as suspicious due to the use of broad `allowed-tools` including `Bash` and `Write`, and the `install.py` script's behavior of downloading and executing `get-pip.py` from `https://bootstrap.pypa.io`. While this remote code execution is for a legitimate purpose (bootstrapping pip) and from a trusted domain, it represents a significant high-risk capability. The `SKILL.md` itself does not contain prompt injection attempts, and the core `scripts/kaswallet.py` handles sensitive data (private keys/mnemonics) via environment variables, which is standard for CLI wallets.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If wallet secrets are available, an agent invocation could initiate an irreversible cryptocurrency transfer.
The skill gives the agent Bash access to a CLI that can send KAS, including the whole wallet balance. The provided artifacts do not show a second confirmation, recipient allowlist, spend limit, or dry-run requirement.
    allowed-tools:
      - Bash
    ...
    ./kaswallet.sh send <address> <amount>   # Send specific amount
    ./kaswallet.sh send <address> max        # Send entire balance

Only use the send command with explicit per-transaction confirmation. Prefer testnet or small balances, and add safeguards such as amount limits, recipient confirmation, and a default dry-run mode.
Putting a real private key or mnemonic in the agent environment gives the skill spending authority over that wallet.
The skill asks for a private key or seed phrase that can control funds, while the registry metadata declares no primary credential and no environment variables.
    export KASPA_PRIVATE_KEY="64-character-hex-string"
    # OR
    export KASPA_MNEMONIC="your twelve or twenty four word seed phrase"
Do not expose a main wallet seed or private key to a general agent environment. Use a dedicated low-balance wallet, declare these secrets in metadata, and document exactly when they are read and used.
A compromised or changed install path could affect the code used to handle wallet operations.
The installer can download and run a remote get-pip.py script as a fallback. In a self-custody wallet, installer provenance is especially important because dependencies participate in wallet/key operations.
    get_pip_url = "https://bootstrap.pypa.io/get-pip.py"
    ...
    run_command([str(venv_python), get_pip_path], capture=True)
Pin and verify dependencies, avoid executing downloaded bootstrap scripts when possible, and document the install behavior in the registry/install spec.
