Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Conflux Wallet Skill
v1.1.0 · Self-sovereign EVM wallet for AI agents. Use when the user wants to create a crypto wallet, check balances, send ETH or ERC20 tokens, swap tokens, or interac...
⭐ 0 · 58 · 0 current · 0 all-time
by @pana
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Name/description match the actions the skill requests (create wallets, check balances, send tokens, swaps, contract calls). Required binaries (node, git) are appropriate for running the provided Node.js scripts and cloning the repo. No unrelated credentials or config paths are requested.
Instruction Scope
SKILL.md explicitly reads/writes a local private key file (~/.cfx-wallet.json) and instructs the agent to run node scripts for balance, transfer, swap, and contract interactions. It also tells the agent to clone a GitHub repo into SKILL_DIR and run npm install if src/ is missing. The wallet behavior (local key storage, confirm before transfer) is consistent with the stated purpose, but the instructions give the agent the power to download and execute arbitrary code from the internet if followed.
Install Mechanism
Although the repo is hosted on GitHub (a well-known host), the skill's runtime instructions perform a git clone and npm install at install time. npm install can run arbitrary package/postinstall scripts and install dependencies from npm—this is a high-risk operation and effectively executes third-party code on the user's machine. The skill package itself contains no src files in the registry bundle, so following the SKILL.md will fetch remote code before it can be audited locally.
Credentials
No environment variables or external credentials are requested; private key storage in the user's home (~/.cfx-wallet.json) is consistent with a self-sovereign wallet. The number and type of permissions requested are proportionate to a local wallet. Still verify chains' RPC endpoints and listed token addresses in the cloned code.
Persistence & Privilege
always:false (good). The skill can be invoked autonomously by the agent (default), which is normal, but because it executes local wallet operations (including transfers), the agent could attempt to run the skill on its own; SKILL.md requires explicit user confirmation before transfers/swaps, which mitigates the risk if followed. Consider the blast radius if the skill or its cloned code is compromised.
What to consider before installing
This skill appears to do what it claims (a local EVM wallet) but it fetches and runs code from GitHub and runs npm install—which can execute arbitrary JavaScript on your machine. Before installing or running:
1) Review the remote repository (package.json, any postinstall scripts, src/) yourself or in a sandbox;
2) Run npm install in an isolated environment (container, VM) first;
3) Inspect chains.js for RPC endpoints and ensure they are trustworthy public RPCs;
4) Verify token contract addresses used by the skill against official sources;
5) Back up and protect ~/.cfx-wallet.json and consider using a hardware/external wallet for significant funds;
6) Prefer creating an ephemeral/test wallet for initial testing;
7) If you cannot audit the repo, treat the installation like running untrusted code and avoid storing large balances with it.
If you want, I can list what to look for in package.json and src/ (postinstall scripts, network endpoints, hardcoded private keys) or fetch and summarize the remote repo for an additional review.
Like a lobster shell, security has layers — review code before you run it.
latest: vk976z26fgzcfxy5m12gn0zs81s83hve9
Runtime requirements
💰 Clawdis
Bins: node, git
