Bitcoin Wallet using Breez Spark SDK

Warn: Audited by ClawScan on May 10, 2026.

Overview

The skill is clearly a Bitcoin wallet, but it depends on installing unreviewed external plugin code that would handle mainnet funds, API keys, and wallet mnemonics.

Only install this if you are comfortable running the referenced BreezClaw plugin code after reviewing or pinning it. Treat it like real wallet software: use minimal funds at first, protect the API key and mnemonic, and manually confirm every payment detail before sending.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the external plugin or its dependencies are compromised, they could affect wallet funds, API keys, or mnemonic handling.

Why it was flagged

The reviewed package contains only SKILL.md, but the setup directs users to install and build external, unpinned npm-based plugin code. Because that plugin would operate a Bitcoin wallet, this provenance gap is materially risky.

Skill content

git clone https://github.com/onesandzeros-nz/BreezClaw.git breezclaw
...
npm install
npm run build

Recommendation

Review the BreezClaw repository and dependency lockfiles before installing, pin to a trusted commit or release, and avoid funding the wallet until the installed code has been verified.

What this means

Anyone or anything with access to the mnemonic may be able to control the wallet funds; mainnet operations involve real Bitcoin.

Why it was flagged

The skill requires a provider API key and includes a tool that can retrieve the wallet mnemonic. These are expected for a self-custodial wallet, but they grant sensitive account and key access.

Skill content

"breezApiKey": "YOUR_BREEZ_API_KEY", "network": "mainnet" ... `wallet_backup` | Retrieve mnemonic (sensitive!)

Recommendation

Use a dedicated wallet with limited funds, protect the OpenClaw config and wallet directory, and only request mnemonic backup in a private, trusted context.

What this means

A mistaken or misconfirmed payment could send funds to the wrong destination and may not be recoverable.

Why it was flagged

The skill can execute real Bitcoin/Lightning payments. The documented two-step confirmation flow is a useful control, but the action remains high-impact and generally irreversible.

Skill content

`wallet_prepare_send` | Prepare payment with fee estimate ... `wallet_send` | Execute confirmed payment ... User confirms → `wallet_send(confirmed=true)`

Recommendation

Verify recipient, amount, network, and fees before confirming any send; consider using small test amounts first.