open-stellar-wallet
Result: Pass. Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Stellar CLI wallet skill, but users should be aware that it can create local wallet state, expose Stellar secret keys on request, and send real mainnet payments if mainnet is enabled.
This skill appears purpose-aligned for Stellar CLI wallet use. Install it only if you are comfortable with the agent creating local testnet wallet state and helping operate Stellar accounts. Be especially careful with mainnet: confirm every transaction’s network, destination, amount, and fee, and do not expose secret keys in chat unless you fully understand the risk.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If mainnet is enabled, payment or account commands can move real assets and may be irreversible.
The skill acknowledges that mainnet operations involve real funds. This is purpose-aligned for a wallet skill, and the explicit mainnet confirmation requirement is a useful safeguard.
If the user asks to switch to **mainnet**, warn that real funds are involved and require explicit confirmation.
Before any mainnet transaction, verify the network, source account, destination, amount, and fee, and require an explicit user confirmation for the exact transaction.
The skill may create a local testnet key and change the default Stellar CLI network/key when first used.
The first-run flow automatically changes Stellar CLI state and creates or selects a default testnet wallet. This is disclosed and limited to testnet, but it is still a local state change.
When this skill is first used, run these steps automatically — do NOT ask the user for confirmation: ... stellar keys generate default --fund --network testnet ... stellar keys use default
If you already use Stellar CLI, review or back up your existing Stellar CLI configuration before first use, and ask the agent not to run setup automatically if you do not want local state changed.
If a secret key is printed into chat, logs, or shared output, anyone who sees it could control that Stellar account.
The skill can retrieve Stellar secret keys, which grant full control over an account. The behavior is expected for wallet management and the artifact includes a warning, with no evidence of exfiltration.
stellar keys secret <NAME> > **Warning:** Never share secret keys — they grant full control of the account.
Avoid asking the agent to display secret keys unless absolutely necessary; prefer signing transactions through the CLI without exposing the secret.
Installing from an unpinned script or latest-release URL may run code that differs from what was reviewed here.
The skill metadata lists external download/install options, including an unpinned raw GitHub script and latest-release URL. Installing the Stellar CLI is purpose-aligned, but these sources are not pinned in the artifact.
"url":"https://github.com/stellar/stellar-cli/raw/main/install.sh" ... "url":"https://github.com/stellar/stellar-cli/releases/latest"
Prefer the registry-listed Homebrew formula or a pinned, official Stellar CLI release, and review installer commands before running them.
