Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Crypto Wallets & Payments for AI Agents
v0.1.7 · Create and manage ERC20 wallets, transfer and swap tokens across 13 chains, enable agent payments, and earn referrer fees in AI agent ecosystems.
⭐ 3 · 2.4k · 6 current · 6 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes wallet creation, token transfers, swaps, and referrer fees, which align with the skill name. However, the registry metadata lists no required environment variables or primary credential, while the runtime instructions clearly require a PRIVATE_KEY for wallet operations: a mismatch between the declared requirements and the actual functionality.
Instruction Scope
The instructions explicitly require users to provide or generate PRIVATE_KEY and state that setup_wallet will save PRIVATE_KEY to a local .env file. They also show examples of invoking mcporter with PRIVATE_KEY in the environment. That surfaces a secret the skill legitimately needs (signing transactions requires one), but the skill instructs persisting plaintext private keys and claims the key is 'never transmitted' without anything a user could verify; this is risky and broad in scope relative to a simple helper.
Install Mechanism
There is no install spec in the registry, but the SKILL.md directs the agent operator to run npx @onlyswaps/mcp-server (i.e., download and run an npm package). Using npx/npm is a common but nontrivial install mechanism: it downloads code at runtime and runs any lifecycle scripts the package declares before the package itself is invoked. The package is linked on npm and onlyswaps.fyi, which helps traceability, but the lack of an explicit install spec or verification (a pinned version and an integrity hash) in the metadata is a gap.
Credentials
Wallet operations legitimately require a private key, but the manifest does not declare PRIVATE_KEY as a required env var, while the instructions repeatedly require and persist it. Requesting and storing a high-value secret (a private key) without declaring it in the skill metadata, and without recommending safer alternatives (hardware wallets, ephemeral keys), is disproportionate and risky.
Persistence & Privilege
The SKILL.md instructs that setup_wallet 'saves PRIVATE_KEY to .env' and shows examples using environment variables; this encourages creating persistent, plaintext secrets on disk. While the manifest sets always:false and requests no explicit system-wide modifications, the guidance to persist keys locally increases the blast radius if the fetched npm package or the local environment is compromised.
What to consider before installing
This skill performs real crypto operations and therefore needs and handles private keys. Before installing or using it:
(1) do not paste the private key of any funded/main wallet; use an ephemeral or test wallet instead;
(2) verify the @onlyswaps/mcp-server npm package source code and maintainers (check GitHub, and read the code that handles PRIVATE_KEY to confirm it does not exfiltrate secrets);
(3) prefer hardware signers or ephemeral keys rather than storing keys in .env or shell history;
(4) run the MCP server and npx package in a sandboxed environment if possible;
(5) ask the publisher to update the registry metadata to declare PRIVATE_KEY as a required credential and to provide a checksum and repository link; and
(6) if you only need quotes or portfolio lookups, stick to the read-only calls that do not require a private key.
If the publisher can provide the package source and a security audit, that would increase confidence.

Like a lobster shell, security has layers — review code before you run it.
latest: vk974p7mx6kxwd8f5xcyahbdak580azdg
