Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Kite Agent Smart Wallet Permissionless Protocol V2
v2.0.5
Manage your Kite AI smart wallet securely with natural language Telegram commands for wallet creation, balance checks, sessions, limits, and transactions.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The stated purpose (Telegram control of a Kite AI testnet smart wallet) matches the code: telegram-bot.js and kite-wallet.js implement create/balance/session/limit/send commands and call a factory contract on the testnet RPC. However, the registry metadata declares no required env vars or primary credential, while the code clearly requires a private key and a Telegram bot token (inconsistent declarations).
Instruction Scope
SKILL.md and README instruct the user to set PRIVATE_KEY and TELEGRAM_BOT_TOKEN and run node telegram-bot.js — that aligns with telegram-bot.js. But kite-wallet.js expects a different env name (KITE_WALLET_PRIVATE_KEY), and both JS files log wallet.address to stdout (potentially leaking sensitive data in logs). GITHUB-SETUP.md includes steps to push the repo to GitHub — combined with .env usage this risks accidental exposure of private keys if users follow that without removing .env. The code talks to only expected endpoints (rpc-testnet.gokite.ai and api.telegram.org) and does not exfiltrate to unknown domains, but the mismatched env names and logging are scope concerns.
Install Mechanism
This is an instruction-only skill with included Node.js source and a standard package.json (ethers, dotenv). There is no remote download/install of arbitrary binaries or external archives; npm install is expected. No high-risk install URLs or extract steps are present.
Credentials
The skill reasonably needs a private key and a Telegram bot token to operate. However, the registry metadata lists no required env vars, while SKILL.md and the code require PRIVATE_KEY/TELEGRAM_BOT_TOKEN (telegram-bot.js) and KITE_WALLET_PRIVATE_KEY (kite-wallet.js) — this inconsistency can lead to misconfiguration and accidental key exposure. The number of secrets requested is proportionate, but the mismatch in env names and the guidance to push repositories increase risk.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and runs locally as a user process. It uses standard network APIs to talk to Telegram and the testnet RPC. No persistent privileged installation behavior is present.
What to consider before installing
Before installing or running this skill:
- Origin & trust: The skill's source is listed as unknown. Prefer code from an identified, trusted repository/author. If you don't know the author, treat the package as untrusted.
- Secret handling: The bot requires a private key and a Telegram token. Do NOT use a real/mainnet/private key. Use an empty/test wallet with minimal funds. Keep secrets out of repository commits — remove or gitignore your .env before pushing. GITHUB-SETUP.md includes push instructions; follow them only after scrubbing secrets.
- Env name mismatch: The two JS files expect different env var names (telegram-bot.js expects PRIVATE_KEY and TELEGRAM_BOT_TOKEN; kite-wallet.js looks for KITE_WALLET_PRIVATE_KEY). Confirm which entrypoint you run and set the correct variables. Fix the code or env names before deploying to reduce confusion.
- Logging & leakage: The bot prints the wallet address to stdout. If you run this on a shared machine or CI, logs could leak sensitive info. Run in an isolated environment (local machine or container) and avoid log aggregation that might capture secrets.
- Test first: Run against the Kite testnet with a throwaway key and small test funds. Verify contract addresses on the provided explorer (testnet.kitescan.ai) and confirm factory behavior before using any valuable funds.
- Code audit suggestions: Inspect/patch to (1) unify env variable names; (2) avoid printing private-related info to logs; (3) ensure input validation of Telegram commands and addresses; (4) ensure userId is correctly mapped to an Ethereum address (current code passes Telegram numeric userId where an address is expected, which looks like a bug).
- Safer alternatives: If you need stronger security, sign transactions offline or use a hardware wallet / dedicated signing service rather than placing a raw private key in a .env file.
If you want, I can produce a short checklist and minimal code edits to reduce the biggest risks (unify env names, stop logging sensitive fields, add warnings before pushing to GitHub).
Like a lobster shell, security has layers — review code before you run it.
