agent-wallet

Warn: Audited by ClawScan on May 10, 2026.

Overview

This skill is transparent about being a Lightning wallet, but it gives an agent control over real Bitcoin funds and a seed phrase without documented spending or approval limits.

Install only if you intentionally want an AI agent to operate a real Lightning wallet. Keep only a small amount of funds in it, pin and review the npm package, protect the ~/.mdk-wallet/ directory, avoid exposing the mnemonic, and require explicit approval for every outgoing payment.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If an agent is allowed to use this skill too freely, it could spend real wallet funds in ways the user did not intend.

Why it was flagged

The skill explicitly exposes a command to send Bitcoin Lightning payments, but the artifacts do not document required user confirmation, spending limits, recipient allowlists, or other guardrails.

Skill content

`npx @moneydevkit/agent-wallet send user@getalby.com 500` and `send <destination> [amount] | Pay bolt11, bolt12, lnurl, or lightning address`

Recommendation

Use only with an intentionally funded low-balance wallet, require explicit user approval for every send, and set external spending limits or operational policies before enabling agent use.

What this means

Anyone or any process that obtains the mnemonic can control or drain the wallet.

Why it was flagged

The skill creates and stores the private key material that controls wallet funds. The artifact also discusses `init --show`, creating risk that the mnemonic could be surfaced into agent output, logs, or shared context.

Skill content

**Generates and stores a BIP39 mnemonic** at `~/.mdk-wallet/config.json` — this IS your private key. Treat it like a password.

Recommendation

Protect `~/.mdk-wallet/` with strict file permissions, avoid exposing the mnemonic in chat/logs, back it up securely, and consider a dedicated wallet with limited funds.

What this means

An unexpected package update or compromised dependency could affect wallet behavior or funds.

Why it was flagged

The normal examples run an npm package via npx without a pinned version, while the artifact itself recommends pinning for production. This matters because the package handles private keys and payments.

Skill content

`npx @moneydevkit/agent-wallet init` and "Recommended: Pin a version (`npx @moneydevkit/agent-wallet@0.11.0`) in production."

Recommendation

Pin a reviewed package version, verify the npm package/source repository, and avoid running unpinned wallet software in production.

What this means

Wallet services and payment polling may continue after the immediate task unless stopped.

Why it was flagged

The skill starts a background wallet daemon that continues operating locally and stores state. This is disclosed and purpose-aligned, but users should be aware that the daemon persists beyond the task that started it.

Skill content

The CLI automatically starts a daemon on first command. The daemon: Runs a local HTTP server on `localhost:3456` ... Polls for incoming payments every 30 seconds ... Persists payment history to `~/.mdk-wallet/`.

Recommendation

Run the daemon only on trusted machines, monitor its status, and use the documented `stop` command when the wallet should not remain active.