Senddy

Suspicious
Audited by ClawScan on May 10, 2026.

Overview

Senddy is a coherent private USDC wallet integration, but its recommended daemon pattern moves funds through an unauthenticated local HTTP API with no visible approval step or spending controls.

Treat this as a real-money wallet integration. Before installing or using it with production USDC, audit and pin @senddy/node, protect SENDDY_API_KEY and AGENT_SEED_HEX, and do not run the example daemon unchanged; add authentication, explicit approvals, spending limits, recipient restrictions, logging, and a clear shutdown process.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A local script or agent that can reach the daemon could cause irreversible USDC transfers or withdrawals.

Why it was flagged

The recommended daemon exposes high-impact transfer and withdrawal operations directly from request parameters, with no visible per-request approval, spending limit, recipient allowlist, or authentication check.

Skill content
case 'transfer': result = await agent.transfer(params.to, toUSDC(params.amount), params.opts); break;
case 'withdraw': result = await agent.withdraw(params.to, toUSDC(params.amount)); break;
Recommendation

Do not run the daemon as shown with real funds unless you add authentication, explicit user approval for each transfer/withdrawal, spending limits, recipient allowlists, and audit logging.

What this means

Other local processes or agents may be able to control wallet actions if they know or discover the daemon port.

Why it was flagged

The documented local HTTP interface is intended to be called by other scripts or agents, but the artifact does not show caller identity, authentication, or permission boundaries.

Skill content
Query it from any script or agent ... curl -s -X POST http://127.0.0.1:18790 -d '{"method":"transfer","params":{"to":"senddy1...","amount":"5.00"}}'
Recommendation

Use an authenticated IPC channel or protected local service, keep the port private, restrict callers, and require a confirmation layer before any fund-moving method is accepted.

What this means

Anyone who obtains the seed or API key may be able to access wallet functions or move funds.

Why it was flagged

The API key and seed are expected for this wallet integration, but the seed is a high-value credential that controls the private wallet.

Skill content
seed: Uint8Array,        // 32-byte secret (REQUIRED)
apiKey: string,          // 'sk_live_...' (REQUIRED)
Recommendation

Store the seed and API key only in a secret manager or protected environment, avoid sharing them with general-purpose agents, and rotate/revoke credentials if exposed.

Note, High Confidence
ASI10: Rogue Agents
What this means

The wallet service may continue running and syncing after the immediate task, leaving fund-moving capability available until stopped.

Why it was flagged

The skill recommends a persistent background wallet process. This is disclosed and purpose-aligned, but it keeps wallet authority active beyond a single user request.

Skill content
Run the agent as a long-lived process with a local HTTP API. This is the recommended pattern ... setInterval(() => agent.sync().catch(console.error), 30_000);
Recommendation

Track and stop the daemon when not needed, run it under a least-privilege account, and avoid using it on shared or untrusted machines.

What this means

A compromised, changed, or incorrectly installed package could affect wallet security.

Why it was flagged

The wallet functionality depends on an external npm package that is not included in the submitted skill artifacts; this is expected for an integration, but important because the package handles seeds and transactions.

Skill content
npm install @senddy/node
Recommendation

Pin a reviewed package version, verify the npm package provenance, and test with small amounts before using production funds.