Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clawcast - Cast Ethereum Wallet for Agents
v1.0.0
Skill for managing EVM wallets, transactions, and network helpers via cast; covers onboarding, checks, and operating procedures.
byte_za@tezatezaz
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
Overall the files and scripts implement an EVM wallet onboarding and helper workflow (install cast/Foundry, create/import key, create keystore, select network, maintain token lists). That aligns with the stated purpose. However the skill also attempts to modify workspace-level files (removes mentions from a workspace logs/tx_mentions.log during removal) and can install system packages (see install logic for 'at'). Those actions are not strictly required for basic wallet management and are worth questioning.
Instruction Scope
SKILL.md instructs the agent to run a readiness check automatically each session and to automatically run the onboarding scripts when no wallet exists. The scripts request highly sensitive input (mnemonic/private key/password) and then write secrets to disk (temporary private key file, mnemonic backup file, and a plaintext password file). The README promises a background 'sleep' fallback for mnemonic cleanup but the code only attempts to schedule deletion via 'at' and warns if 'at' is unavailable — so the claimed automatic cleanup may not occur. Automatic session checks, persistent storage of secrets, and the incomplete cleanup guarantee expand the runtime scope beyond a simple helper.
Install Mechanism
Although the registry shows no install spec, the included scripts will fetch and run external installers at runtime. scripts/01_install_cast.sh executes: curl -L https://foundry.paradigm.xyz | bash — a remote install executed without an integrity check. The wallet scripts also try to install the 'at' package via apt if missing (and will attempt sudo). Remote shell installers and on-the-fly package installs are higher-risk operations and should be considered sensitive.
Credentials
No environment variables are requested in metadata (consistent), but the skill asks users to supply secrets interactively (mnemonic/private key/password) and then stores them on disk: a temporary private key (APP_DIR/privatekey.tmp), mnemonic files (APP_DIR/mnemonic-words-*.txt) and a plaintext PASSWORD_FILE (APP_DIR/pw.txt). Storing the keystore password in a file and saving mnemonic backups (even if scheduled for deletion) is a sensitive operational choice — reasonable for an agent that will perform non-interactive sends, but disproportionate relative to a read-only assistant and risky without explicit user consent and secure storage warnings.
Persistence & Privilege
The skill is not force-enabled (always: false). SKILL.md instructs the agent to run scripts/check_wallet.sh automatically each session and to perform onboarding automatically when no wallet exists; this means the agent may autonomously access stored wallet metadata and call RPC endpoints (for balances). Autonomous invocation is permitted by default, but combined with automatic checks and the ability to accept/store secrets, it increases the operational blast radius. The skill does not request system-wide config changes beyond writing its own files and optionally installing packages via apt.
What to consider before installing
This skill implements a working wallet onboarding flow, but it takes actions you should not accept lightly. Before installing or running it:
1) Review the scripts yourself, especially 01_install_cast.sh (it runs curl | bash) and 02–03, which create and store your private key and password.
2) Do not paste real recovery phrases/private keys into the agent unless you fully trust it; prefer hardware wallets or use ephemeral test keys in an isolated environment.
3) If you need the functionality, consider manually installing Foundry/cast yourself rather than letting the script run curl | bash.
4) Expect the password to be saved in plaintext at ~/.agent-wallet/pw.txt and mnemonic backups to be created under ~/.agent-wallet/; verify these files are deleted if you rely on automatic cleanup (the script uses 'at' and will fall back to manual cleanup if 'at' isn't available).
5) If you want to use this skill, run it in a locked-down environment (VM/container) first, or modify the scripts to avoid saving secrets on disk and to remove automatic background installs.
If you are not comfortable auditing shell scripts, do not install this skill.
Version: latest (vk97anj3fyjy8cfwqfjq301g7x580jzm7)