ClawHub

Kite Agent Wallet

v1.0.0

Provides a modular smart wallet protocol for AI agents enabling session keys, spending limits, and secure delegated transaction management on Kite AI network.

0· 318·0 current·0 all-time
by@nihaovand
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description describe an AI-agent smart wallet; the SKILL.md provides contract addresses, RPC endpoints, and example ethers.js calls (create wallet, add session key, execute with session key) that are consistent with that purpose. There are no unrelated dependencies or surprising claims.
Instruction Scope
The runtime instructions are limited to interacting with on-chain contracts (examples use ethers.getContractFactory / getContractAt and RPC URLs). The instructions do not tell the agent to read arbitrary files, harvest environment variables, or transmit data to unknown endpoints. They do assume a provider and signer exist but do not instruct exfiltration of secrets.
Install Mechanism
Instruction-only skill with no install spec and no code files to run; nothing is downloaded or written to disk by the skill itself, which minimizes install-time risk.
Credentials
The skill declares no required environment variables or credentials (reasonable for an instruction-only spec). However, real use requires a JSON-RPC provider and signing keys (private keys, wallets or ephemeral session keys). The skill does not request these directly, so granting an agent the ability to sign or access private keys would be the principal risk — make sure any keys are provided deliberately and minimally (e.g., ephemeral session keys, hardware wallets, or dedicated agent accounts).
Persistence & Privilege
always is false and the skill is user-invocable; it doesn't request persistent system presence or modify other skills/config. Autonomous invocation is enabled by default but is not combined with other red flags here.
Assessment
This skill appears coherent for its stated purpose, but exercise caution before using it: - Source provenance is unknown (no homepage or repository). Ask the author for the contract source code and an audit or repo link. - Verify the listed contract addresses on the Kite explorers (testnet first) and inspect contract bytecode/source before sending real funds. - Never give your primary private key to an agent. Use ephemeral session keys, a dedicated agent wallet with minimal funds, or a hardware wallet for signing. - Test all flows on the testnet RPC (https://rpc-testnet.gokite.ai) and use small amounts before any mainnet interaction. - If you need higher assurance, request the full smart-contract source and an external audit; otherwise treat this as experimental and limit any funds or privileges you grant.

Like a lobster shell, security has layers — review code before you run it.

latestvk9710pqh35t5phwe12rryxdmr181v7jz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments