Local Wallet Standard

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: lws
Version: 1.0.0

The skill is classified as suspicious primarily because of its installation and update methods. It instructs the agent to execute a remote script directly via `curl -fsSL ... | bash`, which is a significant supply chain vulnerability: it allows arbitrary code execution if the remote script at `https://raw.githubusercontent.com/dawnlabsai/lws/main/lws/install.sh` is compromised. Additionally, the `lws update` command involves `git pull` and `cargo build` from a remote repository, further increasing the supply chain risk by compiling and executing potentially untrusted code. While the skill's described purpose (wallet management) is legitimate, these installation and update practices introduce high-risk capabilities without clear malicious intent from the skill's author, making it a critical vulnerability.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using a real seed phrase could expose control of crypto accounts or allow unintended signatures if the phrase or message is mishandled.

Why it was flagged

The CLI requires a BIP-39 mnemonic to derive keys and sign messages; a mnemonic is effectively control over a wallet, and passing it as a command argument can expose it through shell history or process listings.

Skill content

lws sign --mnemonic <PHRASE> --chain <CHAIN> --message <MSG>

Recommendation

Do not use high-value or existing wallet mnemonics with this skill unless you have independently reviewed the implementation; prefer test wallets, hardware-wallet flows, secure prompts/stdin, and explicit review of every message before signing.

What this means

If the remote repository or installer changes or is compromised, local code could be installed before the user has a chance to inspect what will handle their wallet data.

Why it was flagged

The recommended installer executes a remote script from GitHub's main branch without a pinned commit, checksum, signature, or included reviewed code, which is especially risky for software that handles wallet secrets.

Skill content

curl -fsSL https://raw.githubusercontent.com/dawnlabsai/lws/main/lws/install.sh | bash

Recommendation

Inspect the installer and source first, pin to a known commit or release, verify checksums/signatures where available, and avoid using real funds until the supply chain is trusted.

What this means

Installation can change the user's development environment and shell PATH.

Why it was flagged

The install flow intentionally runs local build/install steps and changes shell configuration; this is disclosed and purpose-aligned for a CLI, but it is still meaningful local execution.

Skill content

Install Rust via `rustup` if not already present; clone the repo and build from source; place the `lws` binary at `~/.lws/bin/lws`; add `~/.lws/bin` to your shell's `PATH`.

Recommendation

Run installation manually in a controlled environment, review shell-profile changes, and choose a custom install directory if needed.

What this means

Wallet-related data may remain on disk under ~/.lws until explicitly removed.

Why it was flagged

The skill discloses persistent local files for the binary and wallet descriptors; this is expected for the stated CLI and there is no evidence of hidden background behavior.

Skill content

~/.lws/ ... bin/lws ... wallets/<wallet-id>.json

Recommendation

Secure the ~/.lws directory, understand whether wallet descriptors contain secrets, and use the documented uninstall or purge flow when removing the tool.