agent-wallet
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: mdk-agent-wallet
Version: 0.3.3

This skill is classified as suspicious due to its inherent high-risk capabilities, specifically the generation and storage of a BIP39 mnemonic (private key for a cryptocurrency wallet) on disk at `~/.mdk-wallet/config.json`, and its reliance on executing an external npm package (`@moneydevkit/agent-wallet`) via `npx`. While the `SKILL.md` is highly transparent about these risks, explicitly warning about the mnemonic and providing source code links, these capabilities introduce significant vulnerabilities, including supply chain risk and the potential for unauthorized fund access or exfiltration if the underlying package is compromised or the agent is later prompted maliciously. There is no evidence of intentional malice within the provided files, but the critical nature of the data handled warrants a 'suspicious' classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent is allowed to use this skill too freely, it could spend real wallet funds in ways the user did not intend.
The skill explicitly exposes a command to send Bitcoin Lightning payments, but the artifacts do not document required user confirmation, spending limits, recipient allowlists, or other guardrails.
`npx @moneydevkit/agent-wallet send user@getalby.com 500` and `send <destination> [amount] | Pay bolt11, bolt12, lnurl, or lightning address`
Use only with an intentionally funded low-balance wallet, require explicit user approval for every send, and set external spending limits or operational policies before enabling agent use.
Anyone or any process that obtains the mnemonic can control or drain the wallet.
The skill creates and stores the private key material that controls wallet funds. The artifact also discusses `init --show`, creating a risk that the mnemonic could be surfaced into agent output, logs, or shared context.
**Generates and stores a BIP39 mnemonic** at `~/.mdk-wallet/config.json` — this IS your private key. Treat it like a password.
Protect `~/.mdk-wallet/` with strict file permissions, avoid exposing the mnemonic in chat/logs, back it up securely, and consider a dedicated wallet with limited funds.
An unexpected package update or compromised dependency could affect wallet behavior or funds.
The standard usage examples run an npm package via npx without a pinned version, while the artifact itself recommends pinning for production. This matters because the package handles private keys and payments.
`npx @moneydevkit/agent-wallet init` and "Recommended: Pin a version (`npx @moneydevkit/agent-wallet@0.11.0`) in production."
Pin a reviewed package version, verify the npm package/source repository, and avoid running unpinned wallet software in production.
Wallet services and payment polling may continue after the immediate task unless stopped.
The skill starts a background wallet daemon that continues operating locally and stores state. This is disclosed and purpose-aligned, but users should be aware of the persistence.
The CLI automatically starts a daemon on first command. The daemon: Runs a local HTTP server on `localhost:3456` ... Polls for incoming payments every 30 seconds ... Persists payment history to `~/.mdk-wallet/`.
Run the daemon only on trusted machines, monitor its status, and use the documented `stop` command when the wallet should not remain active.
