ChainWard
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill means trusting the ChainWard CLI package that is not included in the provided artifacts.
The skill installs an external npm CLI package to provide its functionality; this is expected for the skill but places trust in that package.
node | package: @chainward/cli | creates binaries: chainward
Install only if you trust the ChainWard publisher and package source; keep the CLI updated through normal package-management channels.
The CLI can act within the permissions granted by the ChainWard API key, such as viewing and managing monitored wallet data.
The skill requires a ChainWard API key for service access; this is disclosed and consistent with a wallet-monitoring account integration.
The API key is entered interactively. Users get one at chainward.ai → Settings → Generate Key.
Use a dedicated ChainWard API key if available, revoke it if no longer needed, and avoid sharing it outside the CLI’s expected setup flow.
Mistaken commands could add, remove, or alter monitoring and alert settings, though they do not appear to move wallet funds.
The CLI can modify the user’s ChainWard monitoring configuration, but the documented remove action is confirmation-prompted and aligned with the purpose.
chainward agents remove <address> Stops monitoring the wallet. Prompts for confirmation.
Review wallet addresses and alert settings before confirming changes.
Configured alerts may expose wallet activity or threshold information to Discord, Telegram, or webhook recipients.
Alert creation can send monitoring events to external communication channels; this is user-selected and purpose-aligned, but it affects where wallet activity data may appear.
delivery channel (Discord, Telegram, or webhook)
Use only trusted delivery channels and confirm who can access those channels before enabling alerts.