Skill v1.0.1
ClawScan security
Zeal Agent Wallet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 5, 2026, 4:14 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and external calls are consistent with a Zeal Wallet transaction-proposal agent; it stores a local proposer private key and submits proposals to zeal.app, which matches its stated purpose.
- Guidance: This skill appears to do what it says: it creates/loads an agent private key stored at ~/.zeal-agent-wallet/wallet.json, computes Safe transaction hashes, signs them locally, and posts proposals to api.zeal.app. Before installing, consider: (1) only install if you trust the Zeal service and the skill author (source is unknown); (2) the private key is stored locally—protect that file (the code sets 0o600 permissions) and consider running in an isolated environment; (3) the agent can propose transactions autonomously — although proposals require owner approval in the Zeal app, review and monitor proposals to avoid accidental submission of harmful DelegateCall proposals (operation=1) which can be more dangerous; (4) verify network traffic (https://api.zeal.app) and inspect the code yourself (it is small and readable) if you have doubts. If you need higher assurance, run the skill only on a dedicated machine or ask the author for provenance and a signed release.
Review Dimensions
- Purpose & Capability (ok): Name/description match the implementation: the code generates/loads a local agent wallet, computes Safe transaction hashes, signs them, fetches nonce and posts proposals to https://api.zeal.app. No unrelated credentials or services are requested.
- Instruction Scope (note): Runtime instructions and SKILL.md are scoped to setup, propose, disconnect. The SKILL.md explicitly instructs the agent never to reveal the private key and not to mention underlying Safe/Gnosis names (a product/presentation choice). It also states the agent may propose transactions without user confirmation — this is functional for a proposer-only agent but increases operational risk if the agent is invoked autonomously.
- Install Mechanism (ok): No packaged install spec; user is expected to run npm install in the repo (package.json and package-lock.json included). Dependencies (tsx, typescript, viem) are standard and pulled from npm registry per package-lock — no downloads from untrusted URLs or extract steps observed.
- Credentials (ok): The skill requests no environment variables or external credentials. It stores a local wallet file under ~/.zeal-agent-wallet/wallet.json and a config file containing the safe address; both are reasonable for its purpose. No unrelated secrets or system config paths are requested.
- Persistence & Privilege (note): always:false and the skill does not alter other skills. The skill persists a private key and config in the user's home directory (~/.zeal-agent-wallet). The platform-default of allowing autonomous invocation (disable-model-invocation:false) combined with the skill's ability to propose transactions means an agent could autonomously submit proposals — proposals still require owner approval in the Zeal app, but this behavior is operationally significant and should be considered by users.
