XPR Network Dev
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a documentation-only blockchain development skill with expected wallet, key, and transaction guidance, but users should treat its examples as high-impact financial operations.
This skill appears to be a legitimate instruction-only XPR Network development reference. Install it only if you are comfortable reviewing blockchain transaction examples before use. Prefer testnet, keep owner keys offline, use least-privilege permissions, avoid unencrypted private-key handling, and never let an automated agent sign mainnet transfers, trades, loans, or permission changes without clear limits and approval.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
2/65 vendors flagged this skill as malicious, and 63/65 flagged it as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the wrong account, permission, or key is used, generated code or automation could sign transactions that transfer funds, deploy contracts, or modify account state.
The documentation expects users to add blockchain private keys to a local keychain and sign transactions using active account authority. This is central to the stated blockchain/backend purpose, but it gives substantial account control.
proton key:add # interactive — paste key once, stored encrypted ... createCliSession({ account: XPR_ACCOUNT, permission: 'active', rpcEndpoint: RPC_ENDPOINT })Use testnet first, prefer least-privilege custom permissions where possible, keep owner keys offline, and require explicit review before mainnet signing or account changes.
Mistakes in generated trading code, amounts, markets, prices, or account names could cause financial loss or unwanted trades.
The DeFi examples show programmatic transaction broadcast for limit orders, market-order simulation, deposits, withdrawals, and order cancellation. These are expected for a DEX integration guide, but they are financially significant actions.
return session.transact({ actions }, { broadcast: true });Do not run trading or DeFi transaction examples unchanged on mainnet; inspect every action payload, confirm amounts and contracts, and add human approval or limits for bots.
Installing unpinned packages can introduce dependency or provenance risk if the package source is compromised or unexpected.
The skill is documentation-only, but it instructs users to install external npm dependencies for backend/agent workflows. This is purpose-aligned but not automatically pinned or installed by a reviewed install spec.
npm install @xpr-agents/openclaw @proton/js
Verify package ownership, pin versions, review lockfiles, and install dependencies in a controlled development environment.
Using private keys directly in shell commands or storing them without encryption can expose wallet credentials through shell history, process lists, local files, or backups.
The CLI reference includes an example for adding a private key without the encryption prompt. This appears to be a command reference rather than hidden behavior, but it is a sensitive key-handling option users should avoid unless they understand the consequences.
echo "no" | proton key:add PVT_K1_xxxxx
Use the interactive encrypted keychain flow, avoid putting private keys on the command line, and never use unencrypted storage for accounts holding real value.
An automated agent with active signing access could continue placing transactions or trades beyond what the user intended if safeguards are not added.
The guide explicitly discusses autonomous agents and scheduled backend signing. This is disclosed and aligned with backend blockchain automation, but it can create long-running financial authority if implemented without limits.
Autonomous AI agent (Claude-driven, agent runner, etc.) | proton CLI keychain ... Automated/scheduled tasks
Constrain autonomous agents with custom permissions, spending limits, allowlisted contracts/actions, monitoring, and a clear stop or approval mechanism.