Agent Wallet

Audited by ClawScan on May 13, 2026.

Overview

This wallet plugin appears purpose-built, but it can move crypto assets and depends on an external wallet runtime/installer, so it should be reviewed carefully before installation.

Install only if you trust the AgentLayer wallet runtime and are comfortable granting agent tools access to wallet operations. Review the external installer, use devnet or low-value wallets first, keep approval-token and mainnet-confirmation controls enabled, store secrets outside OpenClaw config, and verify every transaction or token action before execution.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If misused or approved accidentally, the agent could move assets, create debt positions, or perform public blockchain actions.

Why it was flagged

The declared tool contract includes actions that can transfer funds, create or alter token-related state, claim fees, deposit/withdraw/borrow/repay, and launch a token. These are high-impact write capabilities and the visible safety guidance does not clearly scope every one of them.

Skill content

"claim_bags_fees", "close_empty_token_accounts", ... "jupiter_earn_deposit", ... "kamino_lend_borrow", ... "launch_bags_token", ... "transfer_btc", "transfer_evm_native", "transfer_evm_token", "transfer_sol", "transfer_spl_token"

Recommendation

Use this only with wallets you are willing to expose to agent tooling, start on devnet or small balances, keep host approval prompts enabled, and verify network, asset, amount, and destination before any execution.

What this means

A compromised or unintended external runtime could affect wallet signing, local services, or plugin configuration.

Why it was flagged

The sensitive wallet runtime and installer are external to the ClawHub plugin package under review, yet they install dependencies and modify local OpenClaw configuration for a high-impact wallet workflow.

Skill content

npx @agentlayer.tech/wallet install --yes ... That installs the Python backend, Node dependencies for the local BTC/EVM runtimes, and patches the OpenClaw plugin config.

Recommendation

Install the runtime only from a trusted, pinned source; review the installer and config changes before use; consider isolating the wallet runtime from high-value funds.

What this means

If the configured backend path or Python binary points to untrusted code, the agent workflow could execute that code locally.

Why it was flagged

The plugin is designed to invoke a local backend process. This is expected for a bridge plugin, but it means configured paths such as the Python interpreter and package root must be trusted.

Skill content

import { execFile } from "node:child_process"; ... const execFileAsync = promisify(execFile);

Recommendation

Set `pythonBin` and `packageRoot` only to trusted local paths and avoid letting the agent modify those settings.

What this means

Exposure or misuse of these secrets could allow unauthorized wallet actions.

Why it was flagged

The runtime is expected to handle wallet signing secrets and approval secrets. This is purpose-aligned, but it is high-value credential material.

Skill content

Provide only `AGENT_WALLET_BOOT_KEY` to the runtime. Provision `master_key`, `approval_secret`, and any signer `private_key` into `sealed_keys.json`, not `openclaw.json`.

Recommendation

Use encrypted wallets or sealed secret storage, avoid putting private keys in OpenClaw config, and rotate secrets if the host or runtime is compromised.

What this means

Wallet activity metadata, provider API use, or compliance fields may be shared with third-party services during supported operations.

Why it was flagged

The plugin configuration supports external provider flows that may include user IP and other compliance metadata, in addition to wallet/RPC provider traffic.

Skill content

"houdiniUserIp": { "type": "string", "description": "Required Houdini compliance header: end-user IP address." }

Recommendation

Use provider endpoints and API keys you trust, understand what metadata is sent for private swaps or gateway-backed flows, and avoid enabling providers you do not intend to use.