Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sponge Wallet

v1.0.0

Manages crypto wallets, transfers tokens, swaps on DEXes, checks balances, and accesses paid APIs (search, image gen, prediction markets, web scraping, document parsing, sales prospecting) via x402 micropayments. Use when the user asks about wallet balances, token transfers, swaps, blockchain payments, or paid API services.

⭐ 0· 1.6k·0 current·0 all-time

byRishab Luthra@rishabluthra

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The skill's code and docs match the described capabilities (balance checks, transfers, swaps, x402 paid-API calls). However the registry metadata lists no required environment variables or primary credential while the code and SKILL.md clearly rely on an API key (SPONGE_API_KEY) and an API URL override (SPONGE_API_URL). That mismatch between declared requirements and actual needs is an incoherence that matters for trust.

Instruction Scope

Runtime instructions tell the agent to run the included Node CLI which contacts a remote MCP JSON-RPC endpoint (default: https://api.wallet.paysponge.com/mcp). The skill: (1) stores credentials in ~/.spongewallet/credentials.json, (2) attempts to copy device codes to system clipboard via child_process execSync, (3) by default auto-pays x402 microtransactions (auto_pay default true) which means the skill can create on-chain payments without an interactive approval flow, and (4) exposes tasks that crawl arbitrary URLs and perform prospecting/enrichment (potentially sending user data to third-party providers). These behaviors are within the stated purpose but elevate risk and should be explicitly disclosed and approved by the user.

✓

Install Mechanism

There is no install spec; this is instruction + embedded JS code only. That minimizes disk-write/third-party install risk. The included script will be executed by node when invoked.

Credentials

Although the registry says 'Required env vars: none', the code documents and uses SPONGE_API_KEY (optional override but functionally primary credential) and SPONGE_API_URL. The skill needs sensitive credentials to operate (wallet API key that can sign transactions and fund micropayments). Requesting or relying on an API key is proportionate to a remote-wallet design, but the metadata omission and lack of a declared primaryEnv is an inconsistency that reduces transparency and is a security concern.

ℹ

Persistence & Privilege

always:false (good). The skill stores credentials at ~/.spongewallet/credentials.json with restrictive file modes (0o600) — expected for a wallet tool. It does not appear to modify other skills or system configs. One important behavioral privilege: the skill (by default) will auto-pay x402 requests and can initiate transfers/swaps via the remote API — combine that with the API key's power and autonomous agent invocation (model invocation is enabled by default) and you have a high-impact capability that requires trust in the remote service.

What to consider before installing

What to consider before installing: - Trust boundary: this skill delegates wallet operations to a remote service (default API: https://api.wallet.paysponge.com). Anyone controlling that service or the API key can sign/submit transactions and perform micropayments. Only use it if you trust the provider and have verified their identity and policies. - Secrets: the skill uses an API key (SPONGE_API_KEY) and stores credentials at ~/.spongewallet/credentials.json. Do NOT put live/large-value keys into the environment or the skill until you vet the provider. Prefer testnet keys (sponge_test_*) when evaluating. - Transparency mismatch: the registry metadata declared no env vars/primary credential, but the code clearly uses SPONGE_API_KEY and SPONGE_API_URL. That omission reduces visibility — ask the publisher to correct the metadata before installing. - Automatic payments: paid-API calls (sponge/x402) default to auto_pay=true. If you do not want the skill to spend funds without explicit confirmation, set auto_pay to false or avoid using the sponge tool. Consider requiring manual payment signatures. - Data exfiltration risk: tasks like 'crawl', 'parse', and 'prospect' will send URLs, documents, or contact data to third-party providers (the sponge pipeline). Do not send sensitive documents or PII unless you understand where the data goes and have permission. - Practical checks: verify the code repository and API host (check GitHub repo/paysponge domain and who runs the service), audit the server-side policy for allowlisting/transfer approvals, and run the skill with test keys in an isolated environment first. If possible, require a least-privilege API key (read-only or limited signing scope) for evaluation. If you cannot verify the remote service or if you need strong local control over private keys, do not install or use live keys with this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk972qfwmetj1ezsbvews3gc9x5803tnh

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Sponge Wallet

License

Comments