Farcaster Agent

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: farcaster-agent
Version: 1.2.0

The skill is classified as suspicious due to its handling of highly sensitive cryptographic keys. It explicitly prints newly generated private keys to the console (SKILL.md, Step 1) and automatically saves both custody and signer private keys in plain text JSON files on the filesystem (`~/.openclaw/farcaster-credentials.json` or `./credentials.json`), as detailed in SKILL.md (Step 3). While the skill provides a security warning about the plain text storage, this practice introduces a significant risk of credential compromise for the user, even though the actions are aligned with the stated purpose of managing a Farcaster account and there is no clear evidence of intentional malicious exfiltration to an attacker-controlled endpoint.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user could run unreviewed code while giving it control over a funded wallet and Farcaster account.

Why it was flagged

The artifact set contains only SKILL.md, yet the skill instructs npm installation and execution of helper scripts that would receive a wallet private key. Those dependencies and src scripts are not reviewable in the supplied artifacts.

Skill content

"install":[{"id":"npm","kind":"shell","command":"cd {baseDir}/.. && npm install"}] ... PRIVATE_KEY=0x... node src/auto-setup.js

Recommendation

Do not run this until the full source package, package.json/lockfile, and referenced src scripts are available from a trusted source and have been reviewed.

What this means

Anyone or any process that can read the credential files could spend remaining wallet funds or take over the Farcaster account.

Why it was flagged

The skill defaults to storing wallet and signer credentials in clear text, and the document acknowledges those credentials can control funds and the Farcaster account.

Skill content

Credentials are automatically saved to: ~/.openclaw/farcaster-credentials.json ... Credentials are stored as plain text JSON. Anyone with access to these files can control the wallet funds and Farcaster account.

Recommendation

Use a disposable low-balance wallet, prefer --no-save or a proper secret store, remove leftover funds after setup, and restrict file permissions.

What this means

Funds may be spent or moved and public Farcaster content may be posted in ways the user did not separately approve.

Why it was flagged

A single setup workflow is described as automatically performing financial transactions, account registration, signer authorization, and public posting. The artifacts do not show per-transaction approvals or rollback protections.

Skill content

The skill handles bridging and swapping automatically. ... This will: ... Register your FID ... Add a signer key ... Post your first cast

Recommendation

Require explicit approval for each transaction and cast, keep only the intended amount in the wallet, and verify the exact actions before execution.

What this means

Users may trust the private-key and fund-handling workflow more than the available provenance justifies.

Why it was flagged

The supplied metadata lists the source as unknown and provides no homepage, so the official-team claim is not substantiated by the provided artifacts despite the skill requesting high-impact wallet authority.

Skill content

Official skill from the Farcaster team.

Recommendation

Verify the publisher and source through an official Farcaster channel before providing any private key or funded wallet.