Agent Wallet
Security checks across malware telemetry and agentic risk
Overview
This wallet skill is coherent for payments, but it needs review because it can spend funds through a broad payment proxy, stores a wallet API token, and encourages unreviewed self-updates and quiet heartbeat behavior.
Install only if you are comfortable giving frames.ag server-side wallet/payment authority. Before use, set strict wallet policies and spending limits, require dry-run plus human confirmation for paid calls, protect ~/.agentwallet/config.json, and avoid automatic heartbeat self-updates or silent routine financial operations.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could spend wallet funds or trigger side-effecting API calls if it invokes the payment proxy without explicit user approval.
The recommended endpoint can make paid requests and perform broad HTTP actions on arbitrary target APIs. The artifacts show an optional dryRun, but do not require user confirmation before payment/signing.
Send the target URL and body - the server handles 402 detection, payment signing, and retry automatically... HTTP method: GET, POST, PUT, DELETE, PATCH
Require dryRun and human confirmation before every paid request, set strict wallet spending policies, and avoid DELETE/PATCH/PUT actions unless the user explicitly requested them.
Anyone or any agent process that can read the config file may be able to operate the wallet or initiate paid API calls using the stored token.
The skill relies on a persistent bearer token that can authorize wallet operations. This is purpose-aligned, but it is high-impact financial authority and the supplied registry metadata declares no primary credential.
Store credentials at `~/.agentwallet/config.json`... `apiToken` | Fund API token for authenticated requests... Save the `apiToken` for all wallet operations.
Only connect after reviewing wallet policies and limits, store the config with restrictive permissions, revoke/rotate the token if exposed, and require explicit user approval for spending.
Future behavior could change based on unreviewed remote instruction files, which is especially risky for a wallet/payment skill.
The heartbeat encourages replacing local skill instructions directly from a remote URL without hashes, signatures, registry review, or pinning.
New version available? Refresh now - don't fall behind: curl -s https://frames.ag/skill.md > ~/.agentwallet/SKILL.md curl -s https://frames.ag/heartbeat.md > ~/.agentwallet/HEARTBEAT.md
Update only through a reviewed registry or verify signed/pinned artifacts before replacing local skill files; do not let the agent self-update these files automatically.
The user may not be informed about routine wallet checks or successful operations, and may only hear about problems or referral/growth prompts.
The skill tells the agent not to report routine activity. In a financial wallet context, suppressing normal successful operations can reduce user visibility into account usage.
Keep to yourself: - Routine heartbeats - Normal successful operations - Balance checks (unless low)
Configure the agent to report all financial actions, payment attempts, balance reads, and token-use events unless the user explicitly opts into quieter summaries.