ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agnic Check Balance (x402)

v2.0.2

Check USDC balance across networks (Base, Solana). Use when the user wants to check balance, see how much USDC is available, view funds, or verify wallet bal...

0· 209·0 current·0 all-time
byAgnic.AI@agnicpay-prog

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for agnicpay-prog/agnic-check-balance.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Agnic Check Balance (x402)" (agnicpay-prog/agnic-check-balance) from ClawHub.
Skill page: https://clawhub.ai/agnicpay-prog/agnic-check-balance
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install agnic-check-balance

ClawHub CLI

Package manager switcher

npx clawhub@latest install agnic-check-balance
Security Scan
Capability signals
CryptoRequires walletRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the runtime instructions (both direct the user/agent to run 'npx agnic@latest balance' to check USDC balances on Base and Solana). However, the SKILL.md refers to an authentication token (AGNIC_TOKEN) and an 'authenticate-wallet' skill that are not declared in the skill's metadata, creating a minor mismatch between stated requirements and runtime needs.
!
Instruction Scope
Instructions explicitly require running 'npx agnic@latest status' and 'npx agnic@latest balance' and instruct how to supply a token via AGNIC_TOKEN or --token. While the described actions (checking balances) stay within scope, they direct the agent to execute third-party code at runtime and to accept a credential which could expose wallet access. The instructions do not request or instruct reading unrelated local files, but they give broad discretion to run dynamic npm packages.
!
Install Mechanism
There is no install spec, but the SKILL.md depends on 'npx agnic@latest' — which will dynamically download and execute code from the npm registry at runtime. Dynamic npx installs are a supply-chain risk because arbitrary code from the registry will run without a pinned, reviewed release or source link. The skill metadata provides no homepage or source to verify the package.
!
Credentials
The registry metadata declares no required env vars, but the SKILL.md references AGNIC_TOKEN (and passing --token) for authentication. That token likely grants access to wallet/account data; the skill does not explain the token's scope. The missing declaration of this credential is an inconsistency and elevates risk because users may be asked to provide a sensitive token without clear justification or visibility into what the remote package will do with it.
Persistence & Privilege
The skill does not request always: true, does not claim persistent modifications to agent configuration, and is user-invocable with normal autonomous-invocation settings. There is no evidence it modifies other skills or system-wide settings.
What to consider before installing
This skill asks you (or the agent) to run 'npx agnic@latest', which will download and execute code from the npm registry at runtime. Before using it: 1) Verify the agnic package source (homepage, repository, maintainers) and prefer a pinned version rather than @latest. 2) Understand what AGNIC_TOKEN is and the minimum scope needed — never provide private keys or broad-purpose credentials unless you trust the package and understand token permissions. 3) If possible, run the package in a sandboxed environment or inspect the package code before running. 4) If you only need read-only balances, prefer a provider or tool with documented, audited client code or an API where you can limit token scope. If you want, I can help look up the agnic npm package, its repository, and the token scope (if a homepage/repo is available).

Like a lobster shell, security has layers — review code before you run it.

latestvk976njta39r5jqbjndytwawvnn85c25k
209downloads
0stars
2versions
Updated 23h ago
v2.0.2
MIT-0
Agnic.AI@agnicpay-prog
latest
Download

Checking USDC Balance

Use npx agnic@latest balance to check USDC balance across supported networks.

Authentication

Run npx agnic@latest status --json to verify. If not authenticated:

  • Headless (CI/server/agent): Set AGNIC_TOKEN env var or pass --token <token>
  • Interactive (has browser): Run npx agnic@latest auth login

See the authenticate-wallet skill for details.

Command Syntax

npx agnic@latest balance [--network <network>] [--json]

Options

OptionDescription
--network <name>Filter by network (default: all networks)
--jsonOutput result as JSON

Supported Networks

NetworkDescription
baseBase mainnet (primary)
base-sepoliaBase testnet
solanaSolana mainnet
solana-devnetSolana devnet

Examples

# Check balance on all networks
npx agnic@latest balance --json

# Check balance on Base mainnet only
npx agnic@latest balance --network base --json

Expected Output

Network       Balance      Address
base          125.50 USDC  0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb7
base-sepolia    0.00 USDC  0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb7
solana          0.00 USDC  N/A
solana-devnet   0.00 USDC  N/A

Error Handling

Common errors:

  • "Not authenticated" -- Run npx agnic@latest auth login or set AGNIC_TOKEN
  • Network timeout -- Try again or specify a single network with --network base

Comments

Loading comments...