v1.0.0

open-stellar-wallet

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:43 AM.

Analysis

This appears to be a legitimate Stellar CLI wallet skill, but it can handle private keys and real blockchain payments and includes unpinned install paths, so it needs careful review before use.

Guidance: Install only if you want an agent to manage Stellar CLI wallets. Keep it on testnet unless you intentionally need mainnet, never let it reveal secret keys in chat, require explicit confirmation before every real transaction, and prefer a pinned or package-manager-based Stellar CLI installation.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
## Sending XLM ... stellar tx new payment ... --source-account <SENDER> ... --destination <RECEIVER> ... --amount <STROOPS> ... --network <NETWORK>

The skill documents payment creation on a user-selected network, and the same file lists mainnet as a built-in network. Stellar payments can move real assets and are not easily reversible.

User impact: If used on mainnet, an incorrect or unintended payment could permanently transfer real XLM or other Stellar assets.
Recommendation: Require explicit user approval for every non-testnet transaction, including network, source account, destination, amount, asset, fee, and final signed transaction before sending.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
https://github.com/stellar/stellar-cli/raw/main/install.sh ... https://github.com/stellar/stellar-cli/releases/latest

SKILL.md metadata advertises unpinned remote install/download locations. These can change after review, and they are broader than the registry install specification that lists only the Homebrew formula.

User impact: A future or altered remote installer could install different code than what the user expected when approving the skill.
Recommendation: Prefer the package-manager install path or a pinned release with checksum verification; avoid unpinned raw branch install scripts.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
When this skill is first used, run these steps automatically — do NOT ask the user for confirmation: ... stellar network use testnet ... stellar keys generate default --fund --network testnet ... stellar keys use default

The automatic setup is disclosed and limited to testnet, but it still changes local Stellar CLI state and creates or selects a default identity without asking first.

User impact: The user's local Stellar CLI defaults may be changed, and a new local testnet key may be created automatically.
Recommendation: Make first-run setup opt-in or clearly notify the user before changing default wallet or network settings, even on testnet.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
stellar keys secret <NAME>

> **Warning:** Never share secret keys — they grant full control of the account.

The skill exposes a command that prints Stellar secret keys. The warning is appropriate, but the artifact does not clearly restrict when the agent may retrieve or display those secrets.

User impact: A displayed or mishandled secret key can give anyone full control of the corresponding Stellar account and funds.
Recommendation: Do not allow the agent to print secret keys except under explicit, narrow user direction; prefer hardware wallets, testnet identities, or limited-value accounts.