WAIaaS Wallet
Advisory
Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If policies or prompts are too permissive, an agent could spend funds or create risky token approvals within the allowed wallet policy.
The skill exposes tools that can move assets, approve spenders, sign transactions/messages, and make automatic payments. This matches the wallet purpose and is described with policy controls, but it is high-impact authority.
`send_token` — Send native (SOL/ETH) or tokens ... `approve_token` ... `sign_transaction` ... `x402_fetch` — HTTP 402 automatic payment
Use testnet first, set small per-transaction and cumulative limits, require human approval for meaningful value, whitelist tokens/contracts carefully, and avoid broad approvals.
Anyone or any process with the session token may be able to perform wallet actions allowed by that session's policies.
The MCP server is authorized using a session token. The artifact clearly discloses this and recommends safer storage, but the token represents delegated wallet permissions.
export WAIAAS_SESSION_TOKEN="<session-token-from-quickset>" ... Store session tokens in environment variables or a secrets manager
Create least-privilege, per-wallet/per-agent sessions, keep tokens out of plaintext configs, rotate and revoke tokens regularly, and do not share one token across unrelated agents.
A compromised, changed, or unexpected MCP package version could misuse the wallet session token or run code in the user's environment.
The setup executes an external MCP package via npx and passes it the wallet session token. The supplied scan contains only SKILL.md, and the install spec covers @waiaas/cli rather than reviewed/pinned @waiaas/mcp code, creating a material provenance gap for a high-impact wallet integration.
openclaw config set mcpServers.waiaas.command "npx"
openclaw config set mcpServers.waiaas.args '["@waiaas/mcp"]'
openclaw config set mcpServers.waiaas.env.WAIAAS_SESSION_TOKEN "${WAIAAS_SESSION_TOKEN}"
Install only from a trusted source, pin exact package versions, verify the package/repository, review the MCP server code before use, and restrict the session token's wallet permissions.
The wallet service may remain running and available to configured agents until the user stops it or revokes sessions.
The skill starts a local daemon with an admin UI. This persistence is expected for a self-hosted wallet service and is disclosed, but it continues outside a single chat turn.
waiaas start # Start daemon ... Admin UI at `http://127.0.0.1:3100/admin`
Stop the daemon when not needed, protect the admin UI, set a strong master password, and use the kill switch or token revocation if anything looks wrong.
