Sponge Wallet
Warn
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a real crypto wallet integration, but it can sign/send transactions and contains a risky shell-based login helper, so it should be reviewed carefully before use.
Install only if you trust Sponge/Paysponge and are comfortable giving this skill transaction-signing authority. Use testnet or low-balance wallets first, keep recipient allowlists and spending limits tight, confirm every transfer/swap/payment manually, and avoid setting SPONGE_API_URL unless you fully trust the endpoint.
Findings (5)
Artifact-based, informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

1. If the skill or agent is invoked incorrectly, it may have enough authority to sign transactions or move crypto assets.
The OAuth login requests delegated wallet read/write and transaction-signing authority, which can control funds once an API key is stored or provided.
Evidence: scope: "wallet:read wallet:write transaction:sign transaction:write"
Recommendation: Use only with a trusted Sponge account, prefer testnet or low-balance wallets, enforce allowlists and spending caps, and require explicit user confirmation before any transfer, swap, withdrawal, or signed payment.

2. A mistaken prompt, misunderstood recipient, or over-autonomous invocation could send funds, swap tokens, or incur paid API charges.
The skill exposes irreversible financial mutation tools as direct tool calls, while the instructions do not require a mandatory final confirmation or transaction preview before execution.
Evidence (tool table, abridged):
`evm_transfer` | Transfer ETH/USDC on Ethereum/Base
...
`solana_transfer` | Transfer SOL/USDC on Solana
...
`solana_swap` | Swap tokens via Jupiter
Recommendation: Before installing or using, ensure the agent restates and confirms chain, recipient, amount, token, slippage, fees, and payment cost before every transaction or paid API call.

3. A compromised provider response or an untrusted SPONGE_API_URL could cause local shell commands to run on the user's machine during authentication.
The login flow interpolates a server-returned device code into a shell command string. JSON.stringify is not shell escaping: it only wraps the value in double quotes, and the shell still performs command substitution and variable expansion inside double quotes, so a malicious or redirected auth endpoint could trigger command execution during login.
Evidence: execSync(`echo -n ${JSON.stringify(device.userCode)} | pbcopy`);
Recommendation: Replace shell clipboard commands with a safe clipboard API, or spawn the clipboard command with a fixed argument list and pass the code on stdin rather than through a shell string; validate the device code format before copying.

4. The provider can see authenticated wallet actions and paid API prompts, URLs, or search parameters submitted through the skill.
Wallet commands and bearer credentials are sent to a remote MCP endpoint. This is expected for the integration, but the endpoint receives sensitive wallet operations and paid API task data.
Evidence: const MCP_ENDPOINT = `${API_URL}/mcp`; ... "Authorization": `Bearer ${apiKey}`
Recommendation: Use only trusted endpoints, avoid submitting sensitive prompts or private document URLs unless intended, and do not set SPONGE_API_URL to an untrusted server.

5. It may be hard to verify that the installed skill came from the expected wallet provider.
The registry metadata does not provide strong provenance for a high-impact wallet skill, even though the README references a GitHub repository.
Evidence: Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Recommendation: Verify the repository and script contents from a trusted Sponge/Paysponge source before granting wallet access.
