Kite Agent Smart Wallet V3
WarnAudited by ClawScan on May 18, 2026.
Overview
The skill matches its wallet-control purpose, but it gives Telegram commands direct signing power over a configured private key and broad session-key permissions without clear credential declaration, access control, or confirmation safeguards.
Review carefully before installing. Only use a testnet or low-value wallet key, confirm who can send Telegram commands to this skill, and avoid granting all-function session keys unless you fully understand and can revoke the permission.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the command is invoked accidentally or by an unintended Telegram user, assets controlled by the configured signer could be sent to an arbitrary address.
The handler turns Telegram command arguments into an immediate blockchain transfer from the configured signer wallet. This branch does not visibly require a second confirmation, allowlist, or smart-wallet spending-limit check before sending funds.
case '/kite send': ... const tx = await wallet.sendTransaction({ to: toAddress, value: amountWei });Require explicit confirmation for transfers, restrict who can invoke the command, bind transfers to the correct user wallet, and enforce spending limits before signing.
Users may not realize installation requires a highly sensitive private key capable of signing wallet operations.
The code requires a raw wallet private key and uses it as the transaction signer, while the supplied registry metadata declares no required environment variables or primary credential.
console.log('⚠️ KITE_WALLET_PRIVATE_KEY not set'); ... wallet = new ethers.Wallet(privateKey, provider);Declare the required private-key credential clearly, store it only in a secure secret mechanism, document exactly what it can sign, and prefer scoped session keys or wallet-provider signing instead of raw private-key handling.
A granted session key may be able to perform more wallet actions than the user expects until it is removed.
The session-key flow grants a user-supplied address an all-functions permission selector. The artifacts do not show expiry, narrower function scoping, or an extra approval step for this persistent delegated authority.
walletContract.addSessionKey(sessionAddr, ethers.parseEther(limit), ['0x00000000'] // Allow all functions)
Use narrow function selectors, show the exact permissions before signing, add expiration or revocation guidance, and require explicit confirmation for broad session-key grants.