Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AgentWallet
v1.0.0
Secure multi-chain wallet for AI agents. Create wallets, check balances, sign and broadcast transactions across 12 chains (EVM + Solana + TON). Private keys...
by Jacky @phlegonlabs
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (multi-chain wallet) matches the requested binary and npm package. Requiring a local `agentwallet` binary and offering an npm install is coherent for this purpose. However, the manifest declares only an optional AGENTWALLET_PASSWORD while the runtime instructions rely heavily on a session token (AGENTWALLET_TOKEN) and do not declare it as a required/primary credential — that mismatch weakens confidence.
Instruction Scope
SKILL.md instructs the agent to run CLI commands (init, unlock, create, transfer, sign) which is expected. But it explicitly tells users to export AGENTWALLET_TOKEN and to pass tokens via --token/environment variables while the registry metadata does not declare AGENTWALLET_TOKEN. The instructions otherwise avoid reading unrelated system files, and they state that export/mnemonic commands are TTY-gated for non-interactive safety, which is good.
Install Mechanism
Installation is via npm package `agentwallet`. npm installs are common but carry supply-chain risk unless package provenance/version is pinned and the repository is verified. The manifest's repository URL in SKILL.md is a placeholder (https://github.com/user/agentwallet) and the skill registry 'Source' is unknown — there's no verified upstream or checksum. This makes the install vector moderate-to-high risk.
Credentials
Only AGENTWALLET_PASSWORD is declared (optional), yet runtime instructions rely on AGENTWALLET_TOKEN (sensitive) and recommend exporting it. No primary credential is set. For a wallet skill, the token is the primary secret — it should be declared/justified. The number of env vars is small and limited to wallet auth, so scope of sensitive access is narrow, but the missing declaration is a notable inconsistency.
Persistence & Privilege
The skill is not always-enabled, does not request system-wide config paths, and does not declare elevated privileges or cross-skill config changes. Autonomous invocation is allowed by default (expected). No persistence or privilege escalation is requested in the manifest.
What to consider before installing
This skill could be legitimate, but there are several red flags you should address before installing or using it with real funds:
1) The runtime docs reference AGENTWALLET_TOKEN (a sensitive session token) but the registry metadata does not declare it as a required/primary credential — ask the publisher to explicitly declare and justify AGENTWALLET_TOKEN and AGENTWALLET_PASSWORD, and mark the token as sensitive/primary.
2) The install uses an npm package named `agentwallet` with no pinned version, no verified repository, and a placeholder repo URL — verify the package author, repository, release tags, and checksum (or prefer installing a vetted binary).
3) Review the package source code (or request an audit) before running it, and test in an isolated environment or ephemeral VM with no real funds.
4) Prefer short-lived session tokens, enable and verify the TTY-gating behavior for export/mnemonic, and avoid exporting secrets to other processes.
5) If you proceed, require the publisher to provide a proper homepage/repository, pinned version, and clear primaryEnv metadata (AGENTWALLET_TOKEN) — until then treat this skill as untrusted for managing real private keys.
Like a lobster shell, security has layers — review code before you run it.
latestvk9716y0fn2j4hkznj7sm0prv3h82zbrj
Runtime requirements
wallet Clawdis
Bins: agentwallet
Env: AGENTWALLET_PASSWORD (sensitive, optional): Master password for initial unlock.
Install
Install agentwallet (npm)
Bins: agentwallet
npm i -g agentwallet