Sponge Wallet
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: wallet-skills Version: 0.1.2 This skill is classified as suspicious due to the exposure of several high-risk capabilities to the AI agent, which could be abused via prompt injection. Most notably, the `x402_fetch` endpoint allows the agent to make arbitrary HTTP requests to any URL and automatically pay for them using the agent's wallet, combining broad network access with financial expenditure. Additionally, the skill enables direct cryptocurrency transfers, swaps, bridges, Polymarket trading, and Amazon purchases, all of which are high-impact financial operations. While these features are intended, their broad scope and the agent's ability to execute shell commands (`curl`) based on `SKILL.md` instructions present a significant attack surface for unauthorized actions if the agent is compromised.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the API key is available, an agent could potentially initiate wallet operations through the remote API, including financially significant actions.
The skill delegates direct API use to the agent for a financial service. In the visible artifacts, this is not paired with mandatory confirmation, spending limits, or scoped safe workflows for high-impact actions.
This skill is **doc-only**. There is no local CLI. Agents must call the Sponge Wallet REST API directly.
Only use this skill if you understand the API permissions and can enforce explicit user confirmation, spending caps, allowlists, and review before transfers, swaps, purchases, or trades.
The agent may obtain persistent wallet API authority before the human owner has completed account claiming or approval.
For a wallet service, returning a live API key to the agent before human claim or approval is high-impact credential delegation. The visible instructions even label this mode as recommended.
**Agent-first** (`agentFirst: true`): agent receives the API key immediately, and the human can claim later.
Prefer the standard device flow where a human approves before the API key is issued, and avoid agent-first mode unless the wallet is testnet-only or tightly funded and allowlisted.
A user may install the skill expecting wallet balance and transfer management, without realizing it can also support purchases, auto-payments, and market trading.
The short description frames the skill as wallet management, but the visible endpoint list also includes automatic payments, prediction-market trading, and Amazon purchasing.
description: Manage crypto wallets, transfers, swaps, and balances via the Sponge Wallet API. ... POST /api/x402/fetch -> x402 fetch (auto-pay 402s) ... POST /api/polymarket -> Polymarket prediction market trading ... POST /api/checkout -> Amazon checkout (initiate purchase)
Update the description and user-facing guidance to clearly disclose all purchase, trading, and auto-payment capabilities before installation.