Kasia
Verdict: Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for Kaspa/Kasia messaging, but it requires broad wallet-seed authority (a full mnemonic), can broadcast mainnet transactions including payments, and builds and configures external MCP code from an unreviewed path, so it needs careful review before use.
Install only if you are comfortable giving verified Kasia/Kaspa MCP tooling access to a wallet. Prefer a fresh low-balance wallet and never use your primary seed phrase; confirm every on-chain broadcast or payment manually; verify and pin the external MCP code before running setup; and avoid, or tightly control, any background polling that writes files to the workspace.
Findings (5)
This is an artifact-based, informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes, so the findings describe what the artifacts permit, not observed runtime behaviour.
1. Wallet seed persisted by the setup script
Impact: If the configured MCP server or any of its dependencies is compromised or misused, the wallet seed can be used to sign transactions and spend KAS.
Detail: The setup script accepts a wallet mnemonic as a command-line argument and writes it, in plain text, into the env block of the mcporter server configuration. A Kaspa seed phrase is high-impact authority because it can authorize any mainnet wallet activity. Command-line arguments are visible to other local processes and are often recorded in shell history, and the persisted config outlives the setup run.
Evidence: `--mnemonic) MNEMONIC="$2" ... if '$MNEMONIC': env['KASPA_MNEMONIC'] = '$MNEMONIC' ... json.dump(config, f, indent=2)`
Recommendation: Use a dedicated low-balance wallet, avoid passing seed phrases on the command line, store the secret through a safer mechanism (an inherited descriptor, environment variable or owner-only file rather than argv and a config written with default permissions), and require explicit scoping/approval for wallet use.
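As an added example (not the skill's setup script and not mcporter's own API), the Python below shows the two changes the recommendation asks for: taking the phrase from an inherited file descriptor, an environment variable or a hidden prompt instead of `--mnemonic` on argv, and writing the server config with mode 0600 from creation rather than whatever the umask allows. The `mcpServers` layout and the `KASPA_MNEMONIC_FD` variable are assumptions for illustration; only the `KASPA_MNEMONIC` key and the node command string come from the audited snippet.

```python
"""Taking the wallet mnemonic in a setup step without exposing it via argv.

Added example, not code from the Kasia skill or its setup script. Only the
KASPA_MNEMONIC env key and the node command string come from the audited
snippet; the "mcpServers" config layout and the KASPA_MNEMONIC_FD variable
are assumptions made for illustration.
"""
import copy
import getpass
import json
import os
import tempfile

BIP39_LENGTHS = (12, 15, 18, 21, 24)


def mnemonic_in_argv(argv):
    """True if a phrase is passed on the command line, where ps, /proc/<pid>/cmdline
    and shell history can expose it; this is the pattern the finding flags."""
    return any(a == "--mnemonic" or a.startswith("--mnemonic=") for a in argv)


def read_mnemonic(env=None, prompt=getpass.getpass):
    """Read the phrase from a non-argv channel: an inherited fd named by
    KASPA_MNEMONIC_FD (secret manager or `3<file` redirection), then the
    KASPA_MNEMONIC variable, then a hidden interactive prompt."""
    env = os.environ if env is None else env
    if env.get("KASPA_MNEMONIC_FD"):
        with os.fdopen(int(env["KASPA_MNEMONIC_FD"])) as fh:
            words = fh.read()
    elif env.get("KASPA_MNEMONIC"):
        words = env["KASPA_MNEMONIC"]
    else:
        words = prompt("Kaspa mnemonic (input hidden): ")
    words = " ".join(words.split())  # normalise whitespace and trailing newline
    if len(words.split()) not in BIP39_LENGTHS:
        raise ValueError("expected a BIP39 phrase of 12 to 24 words")
    return words


def write_server_config(path, mcp_path, mnemonic, server_name="kaspa"):
    """Persist the server entry as the audited script does, but to a file that is
    0600 from creation (not umask-dependent) and re-tightened if it pre-existed."""
    config = {"mcpServers": {server_name: {
        "command": f"node {mcp_path}/dist/index.js",
        "env": {"KASPA_MNEMONIC": mnemonic},
    }}}
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(config, fh, indent=2)
    os.chmod(path, 0o600)
    return path


def config_is_private(path):
    """True when no group or other permission bits are set."""
    return os.stat(path).st_mode & 0o077 == 0


def redact(config):
    """Copy of the config that is safe to print or log."""
    safe = copy.deepcopy(config)
    for server in safe.get("mcpServers", {}).values():
        if "KASPA_MNEMONIC" in server.get("env", {}):
            server["env"]["KASPA_MNEMONIC"] = "<redacted>"
    return safe


def demo():
    """Exercise both secret channels in a temp dir with the public BIP39 test
    phrase (abandon x11 about), which must never hold funds."""
    phrase = " ".join(["abandon"] * 11 + ["about"])

    def no_prompt(_):
        raise AssertionError("prompt must not be reached when a secret channel is set")

    with tempfile.TemporaryDirectory() as tmp:
        r, w = os.pipe()  # channel 1: inherited fd, as a secret manager would hand over
        os.write(w, (phrase + "\n").encode())
        os.close(w)
        from_fd = read_mnemonic(env={"KASPA_MNEMONIC_FD": str(r)}, prompt=no_prompt)
        from_env = read_mnemonic(env={"KASPA_MNEMONIC": phrase}, prompt=no_prompt)  # channel 2
        path = write_server_config(os.path.join(tmp, "mcporter.json"), "/opt/kasia-mcp", from_env)
        with open(path) as fh:
            cfg = json.load(fh)
        return {
            "argv_leak": mnemonic_in_argv(["setup.sh", "--mnemonic", phrase]),
            "argv_clean": mnemonic_in_argv(["setup.sh", "--kasia-mcp-path", "/opt/kasia-mcp"]),
            "fd_ok": from_fd == phrase,
            "private": config_is_private(path),
            "persisted": cfg["mcpServers"]["kaspa"]["env"]["KASPA_MNEMONIC"] == phrase,
            "redacted": redact(cfg)["mcpServers"]["kaspa"]["env"]["KASPA_MNEMONIC"],
        }
```

The phrase still ends up in the server's environment block because that is how the audited server expects to receive it; the owner-only file and the argv-free input reduce local exposure but do not remove the authority the seed carries, which is why a dedicated low-balance wallet remains the primary control.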
2. Unguarded mainnet broadcasts and payments
Impact: A mistaken or over-broad tool call could spend funds or publish irreversible on-chain messages.
Detail: The skill instructs the agent to use a transaction-broadcasting tool on mainnet, including for payments, but specifies no confirmation gate, spend cap, or validation of destination, amount or payload before broadcasting. Once accepted, an on-chain action cannot be undone.
Evidence: "Broadcast with `kaspa.send_kaspa` ... `amount: "0.2"` ... Pay: Use `kaspa.send_kaspa` directly for payments ... Costs KAS"
Recommendation: Require explicit user confirmation for every broadcast, display the destination address, amount and payload before sending, enforce strict per-transaction and cumulative spend limits, and prefer a dedicated wallet.
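The following Python is an added example of such a gate, not part of the Kasia skill or kaspa-mcp: it validates the amount and destination, enforces a per-transaction cap and a rolling-window cap, and only approves when the user's confirmation matches the exact summary that was displayed, so approving one destination and amount can never authorise a different call. The request keys (`to`, `amount`, `payload`) follow the audited snippet's `amount: "0.2"` usage; the address check is a prefix-and-charset sanity check rather than a full Kaspa address validator, and the caps are illustrative defaults.

```python
"""Policy gate to run before any send_kaspa-style broadcast.

Added example, not part of the Kasia skill or kaspa-mcp. The request keys
("to", "amount", "payload") follow the audited snippet's `amount: "0.2"` usage;
the address check is a prefix-and-charset sanity check rather than a full Kaspa
address validator, and the caps are illustrative defaults.
"""
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation

SOMPI = Decimal("0.00000001")  # smallest KAS unit; finer amounts cannot be settled on-chain
BECH32_CHARSET = set("qpzry9x8gf2tvdw0s3jn54khce6mua7l")


@dataclass
class SpendPolicy:
    max_per_tx: Decimal = Decimal("0.5")       # KAS per broadcast
    max_per_window: Decimal = Decimal("2")     # KAS over the rolling window
    window_seconds: int = 86400
    address_prefix: str = "kaspa:"             # mainnet; test networks use a different prefix
    history: list = field(default_factory=list)  # (time, amount) of approved sends

    def spent_in_window(self, now):
        cutoff = now - self.window_seconds
        return sum((a for t, a in self.history if t > cutoff), Decimal(0))


def parse_amount(amount):
    """Parse the string amount the tool takes; reject junk, non-positive and sub-sompi values."""
    try:
        value = Decimal(str(amount))
    except InvalidOperation:
        raise ValueError(f"amount is not a number: {amount!r}")
    if not value.is_finite() or value <= 0:
        raise ValueError("amount must be a positive number")
    if value != value.quantize(SOMPI):
        raise ValueError("amount has more precision than one sompi")
    return value


def looks_like_address(addr, prefix):
    """Sanity check only: right network prefix, plausible length, bech32-style charset."""
    body = addr[len(prefix):]
    return addr.startswith(prefix) and len(body) >= 40 and set(body) <= BECH32_CHARSET


def summarize(req):
    """The exact text the user must approve; the confirmation is bound to it."""
    return f"send {parse_amount(req['amount'])} KAS to {req['to']} payload={req.get('payload', '')!r}"


def authorize_send(policy, req, now, confirmation=None):
    """Return (ok, message). Only ok=True may be followed by the real broadcast."""
    try:
        amount = parse_amount(req["amount"])
    except ValueError as exc:
        return False, f"rejected: {exc}"
    to = req.get("to", "")
    if not looks_like_address(to, policy.address_prefix):
        return False, f"rejected: {to!r} is not a {policy.address_prefix} address"
    if amount > policy.max_per_tx:
        return False, f"rejected: {amount} KAS exceeds per-transaction cap {policy.max_per_tx}"
    spent = policy.spent_in_window(now)
    if spent + amount > policy.max_per_window:
        return False, f"rejected: {spent + amount} KAS would exceed window cap {policy.max_per_window}"
    expected = summarize(req)
    if confirmation != expected:
        # The confirmation must equal the displayed summary, so a confirmation
        # obtained for one destination/amount cannot be replayed for another.
        return False, "needs confirmation: " + expected
    policy.history.append((now, amount))
    return True, "approved: " + expected


def demo():
    """Constructed sequence of tool calls against one policy; returns the decisions."""
    policy = SpendPolicy()
    dest = "kaspa:" + "q" * 61  # constructed placeholder, not a real recipient
    req = {"to": dest, "amount": "0.2", "payload": "hello"}
    big = dict(req, amount="5")
    out = [
        authorize_send(policy, req, now=1000),                               # no confirmation yet
        authorize_send(policy, req, now=1000, confirmation=summarize(req)),  # approved
        authorize_send(policy, big, now=1001, confirmation=summarize(big)),  # over per-tx cap
        authorize_send(policy, dict(req, to="kaspa:" + "p" * 61), now=1002,
                       confirmation=summarize(req)),                         # confirmation replayed
        authorize_send(policy, dict(req, amount="0.123456789"), now=1003),   # sub-sompi precision
        authorize_send(policy, dict(req, to="kaspatest:" + "q" * 61), now=1004),  # wrong network
    ]
    half = dict(req, amount="0.5")
    for i in range(4):  # 0.2 + 3 * 0.5 = 1.7 fits the 2 KAS window; the fourth would reach 2.2
        out.append(authorize_send(policy, half, now=2000 + i, confirmation=summarize(half)))
    return out
```

In an agent loop the `summarize` string is what gets shown to the user, and the user's literal approval of that string is what gets passed back as `confirmation`; the real `kaspa.send_kaspa` call is made only on an `approved` result.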
3. Unverified external MCP code given wallet access
Impact: You must trust the external kasia-mcp/kaspa-mcp code and its dependencies with wallet access and message decryption.
Detail: The setup script builds and configures kasia-mcp from a user-supplied path, running `npm install` and `npm run build` whenever no built artifact is present. That external code and the provenance of its npm dependencies are not part of the reviewed artifact set, yet the resulting server is started with the wallet credentials in its environment.
Evidence: `if [ ! -f "$KASIA_MCP_PATH/dist/index.js" ]; then ... (cd "$KASIA_MCP_PATH" && npm install && npm run build) ... 'command': 'node $KASIA_MCP_PATH/dist/index.js'`
Recommendation: Install MCP servers only from verified sources, pin versions and dependencies (a specific commit plus a committed lockfile), inspect the code before supplying a mnemonic, and do not run any automated verification step with real secrets until provenance is established.
4. Decrypted private messages persisted to the workspace
Impact: Private messages may remain readable in the workspace after the conversation ends and could be picked up by later agent sessions.
Detail: The optional polling workflow persists decrypted private messages to a local memory-style file, with no guidance on file permissions, retention, or deletion.
Evidence: `kasia_get_messages` | Read decrypted messages ... "Write new messages to a file (e.g., `memory/kasia-new-messages.jsonl`)"
Recommendation: Make polling opt-in, restrict file permissions on anything written, define retention and deletion behaviour, and avoid storing the decrypted content at all unless it is needed.
5. Persistent background poller
Impact: A poller could keep checking messages and writing files after the immediate task is finished.
Detail: The skill suggests an ongoing background polling process. This is purpose-aligned for real-time messaging, but it is persistent behaviour that the user must be able to start, observe, and stop.
Evidence: "For real-time message relay, set up a background poller ... calls `kasia_get_messages` every N seconds ... Use a cron job or heartbeat check"
Recommendation: Enable background polling only with explicit user consent, document how to stop it, and log where it writes data.
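The Python below is an added example that covers findings 4 and 5 together; it is not part of the Kasia skill. The `fetch` callable stands in for the `kasia_get_messages` MCP tool, which cannot be called offline, and the message fields (`id`, `from`, `body`) are assumed. The poller writes only message metadata by default, creates its output file owner-only, prunes entries past a retention window on every run, and can never run unbounded: it stops after `max_runs` or as soon as a stop file appears, and returns a report saying where it wrote.

```python
"""Bounded poller for kasia_get_messages with a private, pruned output file.

Added example covering the message-persistence and background-poller findings;
it is not part of the Kasia skill. `fetch` stands in for the kasia_get_messages
MCP tool (not callable offline), the message fields (id, from, body) are
assumed, and stop_file / max_runs are the lifecycle controls this example adds.
"""
import json
import os
import tempfile
import time


def _private_open(path, flags):
    """Open with 0600 at creation; a pre-existing looser file is tightened too."""
    fd = os.open(path, flags | os.O_CREAT, 0o600)
    os.chmod(path, 0o600)
    return fd


def record_messages(path, messages, now, keep_body=False):
    """Append one JSON line per message; the decrypted body is omitted unless asked for."""
    with os.fdopen(_private_open(path, os.O_WRONLY | os.O_APPEND), "a") as fh:
        for m in messages:
            entry = {"id": m["id"], "from": m["from"], "received_at": now}
            if keep_body:
                entry["body"] = m["body"]
            fh.write(json.dumps(entry) + "\n")


def prune(path, now, max_age_seconds):
    """Drop entries older than the retention window; returns how many were removed."""
    if not os.path.exists(path):
        return 0
    with open(path) as fh:
        lines = [l for l in fh.read().splitlines() if l]
    kept = [l for l in lines if now - json.loads(l)["received_at"] < max_age_seconds]
    removed = len(lines) - len(kept)
    if removed:
        tmp = path + ".tmp"
        with os.fdopen(_private_open(tmp, os.O_WRONLY | os.O_TRUNC), "w") as fh:
            fh.write("".join(l + "\n" for l in kept))
        os.replace(tmp, path)  # atomic swap, so no reader sees a half-written file
    return removed


def run_poller(fetch, out_path, *, stop_file, max_runs, retention_seconds,
               interval=0, clock=time.time, sleep=time.sleep):
    """Poll until max_runs is reached or stop_file appears; never runs unbounded."""
    report = {"output": out_path, "runs": 0, "written": 0, "pruned": 0, "stopped_by": "max_runs"}
    seen = set()
    while report["runs"] < max_runs:
        if os.path.exists(stop_file):
            report["stopped_by"] = "stop_file"
            break
        now = clock()
        fresh = [m for m in fetch() if m["id"] not in seen]
        seen.update(m["id"] for m in fresh)
        if fresh:
            record_messages(out_path, fresh, now)
            report["written"] += len(fresh)
        report["pruned"] += prune(out_path, now, retention_seconds)
        report["runs"] += 1
        if interval:
            sleep(interval)
    return report


def demo():
    """Constructed inbox and fake clock: a message arrives on the 2nd poll, the user stops on the 4th."""
    with tempfile.TemporaryDirectory() as tmp:
        out = os.path.join(tmp, "kasia-new-messages.jsonl")
        stop = os.path.join(tmp, "poller.stop")
        inbox = [{"id": "m1", "from": "kaspa:sender-a", "body": "first (constructed)"}]
        calls = {"n": 0}

        def fetch():  # stand-in for kasia_get_messages
            calls["n"] += 1
            if calls["n"] == 2:
                inbox.append({"id": "m2", "from": "kaspa:sender-b", "body": "second (constructed)"})
            if calls["n"] == 4:
                open(stop, "w").close()  # the user asks the poller to stop
            return list(inbox)

        ticks = iter(range(0, 10**6, 1000))  # fake clock: each poll is 1000 s later
        report = run_poller(fetch, out, stop_file=stop, max_runs=10,
                            retention_seconds=2500, clock=lambda: next(ticks))
        with open(out) as fh:
            remaining = [json.loads(l) for l in fh if l.strip()]
        return {
            **report,
            "remaining_ids": [e["id"] for e in remaining],
            "stores_body": any("body" in e for e in remaining),
            "private": os.stat(out).st_mode & 0o077 == 0,
        }
```

With a real scheduler the same function is invoked with a non-zero `interval` and a `max_runs` derived from the agreed session length, and the stop file path is the documented way for the user to end polling early; the returned `output` path is what should be logged so it is clear where decrypted data, if `keep_body` is ever enabled, has been written.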
