ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agnic Fund Wallet

v2.0.2

Get instructions for funding your Agnic wallet with USDC. Use when the user wants to add funds, deposit USDC, top up, or needs more balance. Covers "add fund...

0· 101·0 current·0 all-time
byAgnic.AI@agnicpay-prog

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for agnicpay-prog/agnicpay-fund-wallet.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Agnic Fund Wallet" (agnicpay-prog/agnicpay-fund-wallet) from ClawHub.
Skill page: https://clawhub.ai/agnicpay-prog/agnicpay-fund-wallet
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install agnicpay-fund-wallet

ClawHub CLI

Package manager switcher

npx clawhub@latest install agnicpay-fund-wallet
Security Scan
Capability signals
CryptoRequires walletCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description and the SKILL.md are consistent: all instructions focus on adding USDC to an Agnic wallet on Base. However the skill implicitly requires the ability to run 'npx agnic@latest' (Node/npm present, network access) even though required binaries/environment are declared as none. That implicit dependency should be made explicit.
Instruction Scope
The runtime instructions stay within the funding workflow (auth, get address, send USDC, verify balance). They do not request unrelated files or system-wide data. However the doc references an AGNIC_TOKEN for headless auth and points to another skill (authenticate-wallet) — the token is sensitive and is not declared in requires.env, which is a scope/information mismatch.
!
Install Mechanism
There is no install spec, but allowed-tools instruct the agent to run 'npx agnic@latest ...'. Using npx downloads and executes code from the public npm registry at runtime. That can execute arbitrary remote code; using the '@latest' tag increases risk because the package is not pinned to a specific version. This is a moderate-to-high operational risk and should be justified or changed to a pinned, auditable release.
!
Credentials
SKILL.md tells users to set AGNIC_TOKEN for headless authentication, yet requires.env lists no environment variables and no primary credential. AGNIC_TOKEN is a secret and should be declared, its scope and storage explained, and the skill should request only what it needs. The mismatch is a material omission.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and appears to be user-invocable only. Autonomous model invocation is allowed (the platform default) but is not combined here with other high-risk features.
What to consider before installing
Before installing or running this skill: (1) Be aware that it runs `npx agnic@latest`, which will download and execute code from npm — review the package source (npm/GitHub) and prefer a pinned release rather than '@latest'. (2) The SKILL.md mentions AGNIC_TOKEN (a secret) but the skill metadata does not declare any required env vars — ask the author to declare and document AGNIC_TOKEN, its minimal scope, and how/where it is stored. (3) If you must run the CLI, prefer doing so in an isolated environment (container or ephemeral VM) and avoid pasting secrets into chats. (4) Consider using the web dashboard (app.agnic.ai) for funding if you cannot validate the CLI package. (5) If in doubt, request the skill author to: add explicit requirements (Node/npm), list required env vars, pin the CLI version, and provide a link to the CLI source repository and release artifacts for auditing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ac2dxyhzry6ndeeqpc8dwgd85daxe
101downloads
0stars
2versions
Updated 5d ago
v2.0.2
MIT-0
Agnic.AI@agnicpay-prog
latest
Download

Funding the Agnic Wallet

Provide instructions for adding USDC to the user's Agnic wallet on Base.

Authentication

Run npx agnic@latest status --json to verify. If not authenticated:

  • Headless (CI/server/agent): Set AGNIC_TOKEN env var or pass --token <token>
  • Interactive (has browser): Run npx agnic@latest auth login

See the authenticate-wallet skill for details.

Get Wallet Address

npx agnic@latest address

Funding Options

Option 1: Agnic Dashboard (Recommended)

  1. Go to app.agnic.ai
  2. Sign in with the same account used in the CLI
  3. Navigate to the dashboard
  4. Use the "Add Funds" button to add USDC via card or on-chain funding

Option 2: Direct USDC Transfer

Send USDC directly to the wallet address on Base network:

  1. Get the address: npx agnic@latest address
  2. From any wallet (MetaMask, Coinbase, Phantom, etc.), send USDC on Base to that address
  3. Verify arrival: npx agnic@latest balance --network base

Important: Send USDC on Base network only. USDC on other chains (Ethereum mainnet, Arbitrum, etc.) will not appear in the balance.

Option 3: Bridge from Another Chain

If the user has USDC on Ethereum, Arbitrum, or Optimism, they can bridge to Base using:

  • bridge.base.org (official Base bridge)
  • Any cross-chain bridge that supports Base

Verify Balance

After funding, confirm the deposit arrived:

npx agnic@latest balance --network base

Important Notes

  • Agnic wallets use USDC (not ETH) for payments
  • Base network is the primary chain
  • Minimum recommended balance: $1.00 USDC for testing
  • Small amounts of ETH on Base may be needed for gas (auto-handled in most cases)

Error Handling

Common errors:

  • "Not authenticated" -- Run npx agnic@latest auth login or set AGNIC_TOKEN
  • Balance shows 0 after transfer -- Verify the transfer was on Base network (not Ethereum mainnet)
  • Transfer pending -- Base transactions typically confirm in 2-3 seconds

Comments

Loading comments...