Xpr Agents
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent blockchain integration guide, but it teaches agents to use an active XPR wallet session for payments and account changes without clear safety limits.
Install only if you understand that this skill is for blockchain interactions and may help an agent perform real account or payment actions when connected to a wallet. Use a dedicated account, keep funds limited, verify external packages, and require explicit confirmation before any write, payment, escrow, ownership, or status-changing transaction.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured with a real wallet session, an agent could sign blockchain actions under the user's account, potentially affecting funds, escrow jobs, registry status, or ownership records.
The skill instructs use of an active blockchain signing session. That is expected for XPR write operations, but it is high-impact account authority and the provided artifacts do not clearly bound what the agent may sign or require explicit approval for each transaction.
const { session } = createCliSession({
account: 'youragent',
permission: 'active',
rpcEndpoint: 'https://proton.eosusa.io',
});Use a dedicated low-value account, prefer testnet first, avoid exposing an unrestricted active key, and require explicit human confirmation for every paid or account-mutating transaction.
A mistaken or over-autonomous agent action could create fees, change ownership relationships, or alter on-chain agent records.
The documented write APIs include fee payment, ownership transfer, and release actions. These fit the platform purpose, but the instructions present them as direct calls and the supplied text does not show clear guardrails such as mandatory user review, amount limits, rollback guidance, or restricted workflows.
await agents.claimWithFee('agentname', claimFee);
...
await agents.transferOwnership('agentname', 'newowner');
...
await agents.release('agentname');Treat all write-operation examples as requiring user approval, verify target accounts and amounts, and use safer wrapper workflows that enforce confirmations and limits.
Installing or using the wrong external package could affect the local environment or wallet workflow.
Although the registry has no install spec and no bundled code, the skill documentation asks users to install external CLI tooling and use SDK packages. This is purpose-aligned, but it depends on external package provenance.
One-time setup outside this script: `npm i -g @proton/cli && proton key:add`.
Install only from trusted package sources, check package names and maintainers, and avoid running global installs in sensitive environments unless necessary.