Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Wallet
v0.1.0
Multi-chain wallet management for AI agents. Create wallets, check balances, transfer tokens (USDC/native), and bridge cross-chain. Use when agents need to send/receive payments, check funds, or manage crypto wallets. Supports Solana, Base, and Ethereum. Trigger phrases include "create wallet", "check balance", "send USDC", "transfer", "my addresses", "wallet status".
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Code, README, and SKILL.md implement a multi‑chain wallet and CCTP bridge (Circle bridge-kit packages are declared). The requested capabilities (create, balance, transfer, bridge) match the implementation. However the registry metadata claims no required env vars while the SKILL.md and the code require a WALLET_SEED_PHRASE — an important inconsistency.
Instruction Scope
Runtime instructions tell the agent/user to place a BIP‑39 seed in .env (WALLET_SEED_PHRASE) and run node scripts that derive private keys and sign transactions. The instructions do not ask for unrelated system files, but they do direct the skill to read a highly sensitive secret from disk and use it to perform networked actions (on‑chain transfers/bridge). That broad runtime authority (signing/sending money) is outside the safe default for many users and is not reflected in the registry metadata.
Install Mechanism
No automatic install spec is included (instruction-only install), but the bundle contains package.json/package-lock with multiple npm dependencies (Circle bridge-kit, ethers, solana libs, etc.). Dependencies come from npm (traceable), which is expected for this functionality; there is no download-from-arbitrary-URL or archive extraction. Because there is no automatic install action declared, the user/agent would need to run npm install manually for full functionality.
Credentials
The only truly required secret is a BIP‑39 seed (WALLET_SEED_PHRASE), which is proportionate to a wallet skill but is extremely sensitive (full custody). The registry metadata incorrectly lists no required env vars while SKILL.md and code require the seed. Optional RPC env vars are reasonable. The inconsistency between declared requirements and actual behavior increases risk: a user may install the skill unaware they must provide a seed.
Persistence & Privilege
always:false (good) but disable-model-invocation:false (default) — the agent can call this skill autonomously. Combined with read access to a seed phrase and code that signs/transmits transactions, the skill would be able to move funds without further human confirmation. This is a legitimate operational risk the user must accept consciously before providing any seed.
Scan Findings in Context
[base64-block] unexpected: A 'base64-block' prompt-injection pattern was detected in SKILL.md pre-scan. The visible SKILL.md content in the bundle is readable and not obviously obfuscated; this may be a false positive or an artifact of truncated/hidden content. Recommend searching the full SKILL.md and other files for any embedded/encoded payloads before trusting the package.
What to consider before installing
This skill genuinely implements wallet + cross‑chain bridging, but it requires a full BIP‑39 seed (WALLET_SEED_PHRASE) to operate. If you supply that seed (via .env) the code will derive private keys locally and can sign/send real transactions — effectively giving the skill custody of funds. Before installing or using:
1) Do not put a production or fund-holding seed into .env for this skill. Test with an empty/testnet wallet only.
2) Fix the metadata mismatch: the registry should declare WALLET_SEED_PHRASE as required; treat that as a red flag until corrected.
3) Review the code (scripts/wallet.js and bridge-async.js) yourself or have a developer audit it — especially approve/transfer/bridge flows and any network endpoints.
4) Prefer using a watch-only or hardware-signing flow (not supported here) or a dedicated, limited-purpose wallet with small balances.
5) If you must run it, keep the skill from being invoked autonomously (disable autonomous invocation if the platform permits) or require explicit user confirmation for any outgoing transfer.
6) Verify npm dependencies and their integrity (npm audit) before running npm install.
If you are not comfortable auditing code or accepting the custody risk, do not provide a real seed.
Like a lobster shell, security has layers — review code before you run it.
latest · vk974brwnmgwrsx6y8acvxj0sr9810z0m
