Skill v1.0.0
ClawScan security
kaspa-wallet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Feb 11, 2026, 9:04 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The package appears to implement a functional Kaspa CLI wallet, but there are inconsistencies and supply-chain risks you should understand before installing (missing declared env requirements, an unpinned PyPI dependency, and unclear provenance).
- Guidance: This package mostly does what it says (a CLI Kaspa wallet) but contains a few important red flags you should address before use:
  - Do not run this on a machine that holds real funds until you vet it. The code requires a private key or mnemonic via environment variables; those are sensitive values.
  - The installer pulls the 'kaspa' package from PyPI with no version pin. Verify the 'kaspa' package on PyPI (author, downloads, homepage) and prefer a pinned, audited dependency. Consider running install in an isolated VM or container.
  - The registry metadata omits the required env vars; that mismatch is suspicious: assume the skill requires a wallet secret and treat it accordingly.
  - Review the included scripts (install.py and scripts/kaswallet.py) locally. If you can't audit the code, consider using ephemeral testnet keys (KASPA_NETWORK=testnet-10) and fund only a small test balance first.
  - If you decide to install, run the installer in a sandbox (container/VM), inspect what gets installed into .venv, and avoid storing secrets in shared shells or logs. Prefer hardware wallets or a well-known, audited wallet for real funds.

  If you want, I can:
  - fetch and summarize the remainder of scripts/kaswallet.py (the file was truncated in the review input) to look for further surprises,
  - check the PyPI 'kaspa' package metadata, or
  - suggest minimal changes to harden the installer (pin deps, add checksum/lockfile, declare env requirements in metadata).
Review Dimensions
- Purpose & Capability
  - concern: The skill's stated purpose (send/receive KAS) matches the included code (install.py, scripts/kaswallet.py, kaswallet.sh). However, the registry metadata claims 'Required env vars: none' while the SKILL.md and the code clearly require a wallet secret (KASPA_PRIVATE_KEY or KASPA_MNEMONIC). This mismatch is an incoherence: anyone installing this wallet must supply secrets, yet the skill metadata does not declare them.
- Instruction Scope
  - ok: The runtime instructions in SKILL.md map directly to the included scripts: set credentials via environment variables, run install.py to create a venv and pip-install the 'kaspa' SDK, and invoke kaswallet.sh. The instructions do not ask the agent to read unrelated files or exfiltrate data. They do instruct agents to rely on env vars for keys (expected for a CLI wallet).
- Install Mechanism
  - concern: There is no registry-level install spec, but the bundle includes an install.py that creates a local .venv and runs pip install -r requirements.txt. requirements.txt contains a single unpinned dependency, 'kaspa' (no version). Installing from PyPI without a pinned, audited version is a supply-chain risk (package typosquatting or future malicious updates). The installer performs standard venv creation and pip actions (no obscure download URLs), but the unpinned dependency and the lack of provenance for the 'kaspa' package raise concern.
- Credentials
  - concern: The wallet legitimately needs a private key or mnemonic (KASPA_PRIVATE_KEY or KASPA_MNEMONIC) and optionally RPC config. That requirement is present in SKILL.md and in the code (scripts/kaswallet.py). However, the skill's declared metadata listed no required env vars or primary credential, which is inconsistent and misleading. Requiring a mnemonic/private key is a high-sensitivity need and should be clearly declared. The code claims it does not store credentials to disk (the installer and scripts don't write secrets), which aligns with expectations.
- Persistence & Privilege
  - ok: The skill does not request elevated persistence: always:false, no system-wide changes, and the installer only creates a .venv inside the skill directory. It does not modify other skills or system agent settings. The skill can be invoked autonomously by the agent (platform default), which increases the blast radius if it were malicious, but that is not combined here with other definitive red flags.
