My Wallet for OpenClaw

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This wallet bundle is purpose-aligned, but it should be reviewed carefully because it runs bundled Node MCP code, handles self-custodial wallet secrets and funds, persists wallet state locally, and static scanning flagged hardcoded secrets and obfuscated code.

Review this as a high-risk financial integration, not a simple informational skill. Only install it if you trust the publisher and understand that it can run local wallet code, persist wallet state, and handle seed/password material. Avoid using significant funds until the hardcoded-secret and obfuscation findings are explained or resolved, and require explicit confirmations for all transfers, swaps, signing, and approval/autonomy changes.

Static analysis

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Content
apiKey: [REDACTED],

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Content
password: [REDACTED]

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.
Content
password: [REDACTED]

Obfuscated code

Warn
Finding
Potential obfuscated payload detected.
Content
const data = Buffer.from(src, 'base64');

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
High
What this means

Users would be trusting a large bundled wallet runtime that static analysis says may contain embedded secrets and obfuscated logic.

Why it was flagged

The supplied static scan reports both a hardcoded API key and an obfuscation-like base64 decoding pattern in a large bundled runtime payload. Because this payload is part of the wallet MCP runtime, this is a material provenance and reviewability concern.

Skill content
apiKey: [REDACTED]; const data = Buffer.from(src, 'base64');
Recommendation

Install only if you trust the publisher and source provenance. The publisher should remove or document any embedded keys, rotate real secrets, provide auditable source-to-bundle provenance, and explain or eliminate obfuscation indicators.

ASI05: Unexpected Code Execution
Medium
What this means

Installing the bundle can cause OpenClaw to run local Node code for wallet operations.

Why it was flagged

The launcher executes the bundled MCP payload and points it at a bundled CLI payload. This is coherent with a local wallet MCP integration, but it means the skill is not merely passive documentation.

Skill content
process.argv.splice(2, 0, '--mywallet-bin', packagedCliPath); ... require(packagedMcpPath);
Recommendation

Treat installation as granting runtime code execution to a wallet service. Review the publisher, bundle provenance, and local MCP configuration before using it with valuable wallets.

ASI03: Identity and Privilege Abuse
High
What this means

If misused or misconfigured, the agent could influence transactions, signatures, address-book data, or wallet approval behavior.

Why it was flagged

The skill advertises broad authority over wallet behavior, including funds movement, trading, signing, saved addresses, and approval/autonomy settings. These capabilities match the wallet purpose but are high-impact and require very clear user control boundaries.

Skill content
manage saved addresses, approval settings, and autonomy modes, prepare transfers with approval-aware flows, swap/trade tokens, sign messages
Recommendation

Use only with strict user confirmations for spending, swaps, signing, and approval/autonomy changes. Start with small funds, verify recipient addresses out of band, and avoid granting autonomous wallet actions unless you fully understand the policy.

ASI06: Memory and Context Poisoning
High
What this means

A wallet recovery phrase or password could appear in agent context, logs, transcripts, or other retained data if the host or tooling stores the conversation.

Why it was flagged

The workflow places a user password and mnemonic-bearing custody material into the agent/tool flow. Seed phrases and passwords are extremely sensitive, and the artifacts do not fully describe how chat history, tool logs, or retained context avoid storing or reusing that material.

Skill content
call `mywallet_create_wallet` with the user-provided password ... `mywallet_create_wallet` returns mnemonic-bearing custody material
Recommendation

Do not use with real funds unless you understand how OpenClaw stores tool inputs and outputs. The publisher should add explicit guidance to prevent mnemonic/password retention, logging, copying, or reuse across sessions.

ASI06: Memory and Context Poisoning
Medium
What this means

Wallet state can persist on the local machine across sessions and may affect future agent actions.

Why it was flagged

The MCP server is initialized with persistent node-file storage for a `mywallet` profile. Persistent wallet state is expected, but it is sensitive and should be clearly disclosed with location, retention, backup, and deletion guidance.

Skill content
"--api-init-json", "{\"storage\":{\"type\":\"nodeFile\",\"profile\":\"mywallet\"}}"
Recommendation

Before using real assets, locate and protect the wallet storage profile, understand how to back it up or delete it, and verify that saved addresses and approval settings have not been altered.