Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

agent-wallet

v0.3.3

Self-custodial Bitcoin Lightning wallet for AI agents. Use when the agent needs to send or receive bitcoin payments, check its balance, generate invoices, or...

by Satbot (@satbot-mdk)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared requirements (node, npx) and the runtime instructions (npx @moneydevkit/agent-wallet) match the stated purpose of running an npm-based wallet CLI/daemon. No unrelated credentials or binaries are requested.
Instruction Scope (flagged)
The SKILL.md instructs the agent to run npx commands that generate and store a BIP39 mnemonic at ~/.mdk-wallet/config.json and to start a localhost daemon. It also documents an `init --show` mode that appears to return the mnemonic (the file also says the mnemonic is 'redacted' in one place and shown in another) — this ambiguity increases the risk that the agent or other actors might print or transmit the seed. The instructions give the agent the ability to create, persist, and display the private key material and to make outbound network connections; those steps are within a wallet's expected scope but are high-risk operations for secrets.
Install Mechanism (flagged)
There is no bundled install; the skill relies on npx to run an npm package on-demand. Running code via npx pulls packages from the public registry at runtime and can execute arbitrary code. The SKILL.md recommends pinning a version, but the quick-start commands use unpinned npx invocations by default, which increases supply-chain risk if the npm package or its dependencies were compromised.
Credentials
The skill does not request environment variables or external credentials, which is proportionate. However, it creates persistent local secrets (a BIP39 mnemonic in ~/.mdk-wallet/config.json) and runs a local HTTP daemon; those files are effectively credentials controlling funds. The skill's own instructions can cause the mnemonic to be shown on stdout, which is a sensitive capability that should be carefully controlled.
Persistence & Privilege (flagged)
The skill persists sensitive wallet state and a seed phrase to ~/.mdk-wallet/ and runs a background daemon on localhost:3456. This persistence is expected for a self-custodial wallet, but it is high-privilege (the mnemonic controls real funds). The skill does not request `always: true`, nor does it modify other skills, but its persistent secret storage combined with autonomous invocation capability could increase the blast radius if misused.
What to consider before installing
Before installing or invoking this skill:
1. Treat the mnemonic as a high-value secret — back it up securely and restrict permissions on ~/.mdk-wallet/.
2. Prefer pinned package invocations (e.g. npx @moneydevkit/agent-wallet@<version>) and review the npm package and GitHub source yourself to ensure there is no unexpected network exfiltration.
3. Be mindful that `init --show` may reveal the seed on stdout; avoid running it in contexts where an agent or other process can forward command output.
4. Run the wallet in an isolated environment (dedicated VM/container) if you plan to hold real funds.
5. If you do not fully trust the package or the agent's autonomy, do not enable automatic or unattended use of wallet commands — require explicit human approval before any command that exports the mnemonic, creates invoices, or sends payments.
6. If you need stronger guarantees, consider hardware-backed wallets or well-audited implementations rather than running unpinned npm packages fetched at runtime.


latest: vk977psxv7fw94mx50152npkps581wf8t

Runtime requirements

Clawdis
Bins: node, npx