Crypto Wallets & Payments for AI Agents
Warn
Audited by ClawScan on May 10, 2026.
Overview
This crypto-payment skill is purpose-aligned but high-risk because it asks an agent to handle private wallet keys, install an unpinned external MCP server, and perform irreversible token transfers/swaps with possible referrer fees.
Review carefully before installing. If you use it, create a separate wallet with only small test funds, pin and verify the external MCP package, never use your main wallet private key, require explicit approval for every transfer/swap/approval, and opt out of referrer fees unless you intentionally want to pay them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly or without clear confirmation, the agent could send or swap crypto assets irreversibly or create risky token approvals.
These tools can move funds, trade assets, and grant token-spending approvals. The artifact does not define transaction limits, approval scopes, revocation guidance, or required final user confirmation before these high-impact actions.
`transfer` | Send tokens to any address ... `swap` | Execute token swaps ... `approve_permit2` | Approve tokens for gasless swaps
Only use with a dedicated low-balance wallet, require explicit confirmation for every transfer/swap/approval, verify addresses and amounts manually, and revoke unneeded token approvals.
Compromise or misuse of the private key can lead to loss of all assets in that wallet.
A wallet private key provides full signing authority over the wallet's funds, and the skill persists it locally. The artifact does not clearly bound which accounts may be used, how the key is protected, or how to prevent unintended reuse.
**For wallet operations, you MUST have PRIVATE_KEY set.** ... `setup_wallet` | Create a new wallet (saves PRIVATE_KEY to .env)
Do not use a main wallet. Use a new, minimally funded wallet; store keys securely outside chat logs; avoid pasting keys into untrusted contexts; and rotate/remove the .env key when finished.
A changed, compromised, or malicious package version could gain access to wallet keys or initiate harmful transactions.
The setup runs an unpinned external npm package via @latest. No code files are included in the artifact set, yet this external server is expected to handle private keys and crypto transactions.
`mcporter config add onlyswaps --command "npx -y @onlyswaps/mcp-server@latest stdio"`
Pin the MCP server to a specific reviewed version, verify the package publisher/source, and avoid granting it access to valuable wallets until the code and provenance are trusted.
The user may pay extra swap fees that benefit the agent or referrer if the agent includes them without clear approval.
The skill encourages agents to add referrer fees that increase the user's swap cost and pay the agent/referrer. Although the fee table is disclosed, the workflow does not require explicit user consent each time a fee is added.
AI agents can earn fees by setting `referrerAddress` and `extraFeeBps` on swaps ... `10 (suggested)` ... `referrerAddress: "0xYourAgentWallet"`
Require the agent to disclose any referrer address and fee basis points before every swap, and default to zero extra referrer fee unless the user explicitly opts in.
