ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agnic

v1.0.0

Complete AI agent wallet with payments, trading, email, and on-chain identity. Use when the user wants to manage their agent's wallet, make payments, trade t...

0· 96·0 current·0 all-time
byAgnic.AI@agnicpay-prog

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for agnicpay-prog/agnic.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Agnic" (agnicpay-prog/agnic) from ClawHub.
Skill page: https://clawhub.ai/agnicpay-prog/agnic
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install agnic

ClawHub CLI

Package manager switcher

npx clawhub@latest install agnic
Security Scan
Capability signals
CryptoRequires walletCan make purchasesRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the SKILL.md: it provides wallet, payments, trading, email, identity, and an AI gateway. Those capabilities legitimately require network access, auth flows, and signing operations. However, the skill does not declare any credentials or configuration even though those capabilities normally require keys or private signing material.
!
Instruction Scope
SKILL.md instructs the agent to run npx agnic@latest commands that perform OAuth, send email, make payments, execute trades, and chat with external AI models. Those are high-impact, real-world actions. The instructions contain no explicit safety checks, confirmation prompts, or limits and do not explain where credentials come from (local keys, prompts, or external services). The workflow encourages automatic signup/payment flows and emailing results, which could cause unintended transactions or data exfiltration.
!
Install Mechanism
No install spec is provided, but the allowed-tools and SKILL.md direct runtime use of `npx agnic@latest`, which fetches and executes code from the npm registry on demand. Running unpinned `@latest` packages via npx is a significant runtime code-fetch risk (no provenance/integrity guarantees or pinned version). The skill could execute arbitrary code fetched at runtime.
!
Credentials
The skill declares no required environment variables or credentials, yet the documented commands imply the need for OAuth tokens, wallet keys, payment signing, and AI provider API keys. The absence of declared credentials is a mismatch: the agent or the npx package will need to obtain/store secrets somehow (browser OAuth, local credential stores, or interactive prompts), which increases the chance of unexpected credential access or exfiltration.
!
Persistence & Privilege
always is false, but disable-model-invocation is false (the agent may invoke the skill autonomously). Combined with the ability to make payments, trade tokens, and send email, autonomous invocation increases blast radius. The skill also allows running remote code (npx) — if invoked autonomously this could lead to unapproved transactions or data leakage.
What to consider before installing
This skill will run `npx agnic@latest` commands at runtime to perform real-world wallet, payment, trading, and email actions. Before installing or enabling it: (1) Treat it as high-risk — it may request or use credentials and can execute arbitrary npm code; (2) Prefer a vetted, pinned package version (avoid `@latest`) and inspect the npm package source before allowing execution; (3) Require explicit interactive confirmations for any transaction or email send, or disable autonomous invocation; (4) Test in a sandbox with a throwaway wallet and minimal funds; (5) Consider restricting network/execution permissions or running the agent where npx cannot fetch remote code; (6) If you lack the ability to audit the npm package, decline installation or only use a version published by a known, trusted maintainer.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fctscjetjj4nrmnhf9ttp2984d54a
96downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
Agnic.AI@agnicpay-prog
latest
Download

Agnic — Unified Agent Wallet Skill

This skill gives your AI agent a full identity stack: wallet, email, payments, trading, and on-chain identity.

Authentication

npx agnic@latest auth login    # Opens browser for OAuth login
npx agnic@latest auth logout   # Clear stored credentials

Balance & Funding

npx agnic@latest balance --json                     # All networks
npx agnic@latest balance --network base --json      # Specific network
npx agnic@latest address                            # Show wallet address

Supported networks: base, solana, base-sepolia, solana-devnet

X402 Payments

# Search for APIs
npx agnic@latest x402 search "weather data" --json

# Preview cost before paying
npx agnic@latest x402 preview <url>

# Make a paid API call
npx agnic@latest x402 pay <url> --method GET --json

Token Trading

# Get a quote
npx agnic@latest trade quote 10 USDC ETH --json

# Execute a trade (Base mainnet only)
npx agnic@latest trade 10 USDC ETH --json

Supported tokens: USDC, ETH, WETH, cbETH, DAI, AERO

Send USDC

npx agnic@latest send <amount> <address> --network base --json

Agent Identity

npx agnic@latest agent-identity --json    # ERC-8004 identity, trust score, delegation
npx agnic@latest status --json            # General account status

Agent Email

npx agnic@latest email address --json                     # Show email alias
npx agnic@latest email setup --display-name "My Agent"    # Create email alias
npx agnic@latest email inbox --limit 10 --json            # Check inbox
npx agnic@latest email send --to user@example.com --subject "Hello" --body "Message"
npx agnic@latest email reply --message-id <id> --body "Reply text"

AI Gateway

# List available AI models
npx agnic@latest ai models --json
npx agnic@latest ai models --provider openai --json

# Chat with an AI model
npx agnic@latest ai chat --model openai/gpt-4o --prompt 'Explain quantum computing' --json
npx agnic@latest ai chat --model meta-llama/llama-3.3-70b --prompt 'Summarize this text' --json

# Generate an image
npx agnic@latest ai image --prompt 'A sunset over mountains' --output sunset.png
npx agnic@latest ai image --prompt 'Logo design' --aspect-ratio 16:9 --output logo.png

340+ models from OpenAI, Anthropic, Google, Meta, Mistral, DeepSeek, and more. Model format: provider/model-name (e.g., openai/gpt-4o, google/gemini-2.5-flash-image) Free models: meta-llama/*, google/gemma-*, mistralai/*

Workflow: Sign Up + Pay + Report

  1. Check auth: npx agnic@latest status --json
  2. Sign up for a service using agent email (email send)
  3. Check inbox for verification (email inbox)
  4. Reply to verify (email reply)
  5. Make paid API call (x402 pay)
  6. Email results to user (email send)

Comments

Loading comments...