EVM Crypto Wallet for Your Agent

v1.0.3

Self-sovereign EVM wallet for AI agents. Use when the user wants to create a crypto wallet, check balances, send ETH or ERC20 tokens, swap tokens, or interact with smart contracts. Supports Base, Ethereum, Polygon, Arbitrum, and Optimism. Private keys stored locally — no cloud custody, no API keys required.

3 · 3.1k · 12 current · 12 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the actions described (create wallet, check balance, send tokens, swap, contract calls). Requiring node and git aligns with the script-based implementation. However, the skill references a persistent wallet file (~/.evm-wallet.json) yet the registry metadata did not declare any required config paths — an inconsistency worth noting.
Instruction Scope
SKILL.md instructs the agent/user to git clone and run npm scripts (node src/*.js) that will create and use a local private key file and perform network operations (transfers, swaps, contract writes). Those runtime commands will execute arbitrary JavaScript from a third-party repo and can perform transactions; although the doc emphasizes requiring user confirmation before transfers, the agent is still given the ability to run those commands. The instructions do not document which RPC endpoints or secrets (if any) the scripts use, and they reference a local key file that was not declared in the manifest.
Install Mechanism
There is no formal install spec in the registry; instead SKILL.md instructs cloning https://github.com/surfer77/evm-wallet-skill.git and running npm install. Pulling and executing arbitrary repo code (and running npm install which may run postinstall scripts) is a higher-risk install mechanism even though the host is GitHub. The skill effectively performs a remote code fetch+execute at runtime without a vetted packaging step.
Credentials
The skill declares no required env vars or config paths, yet it creates and depends on a persistent private key file (~/.evm-wallet.json). It also claims 'no API keys required' but gives no details about RPC providers or how network access is configured. Absence of declared config/credential requirements while instructing to create and use a sensitive private-key file is disproportionate and opaque.
Persistence & Privilege
always:false and no cross-skill config changes — good. But the skill will persist a private key file in the user's home (~/.evm-wallet.json) and will clone code into the skill directory, giving it ongoing local presence. Because autonomous invocation is allowed by default, there is a risk an agent could (if misconfigured or malicious) execute wallet operations; the SKILL.md does state to require explicit user confirmation for transfers, which mitigates but does not eliminate risk.
Scan Findings in Context
[NO_CODE_FILES_IN_REGISTRY] expected: The scanner found no code in the registry bundle (this is an instruction-only skill). That is consistent with an instruction-only skill, but the SKILL.md tells the user to clone and run remote code from GitHub at runtime — the scanner had nothing to analyze locally, so runtime risks remain.
What to consider before installing
This skill will clone and run third-party Node code and will create a local file (~/.evm-wallet.json) containing your private key. Before installing or running it:
1) Inspect the GitHub repository (https://github.com/surfer77/evm-wallet-skill) and review all scripts (especially setup.js, transfer.js, swap.js and package.json postinstall hooks).
2) Do not run npm install or setup on a machine containing valuable funds; prefer an isolated VM or disposable environment.
3) Consider using a hardware wallet or a well-audited wallet implementation instead of a custom local private key file.
4) Verify where the scripts send RPC requests (which endpoints) and whether any secrets are hard-coded.
5) If you proceed, back up the key, set strict permissions (chmod 600), and require manual confirmation before any transfer; remove autonomous invocation for the agent or restrict the skill until you trust the code.
If you cannot review the repo or confirm provenance, avoid installing.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97e2hxbzbd11p7n8m9ycdrqv980gaqj


Runtime requirements

💰 Clawdis
Bins: node, git
