Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
TokClaw Wallet
v5.9.0

TokClaw Wallet agent for blockchain wallet operations including registration, login, balance check, token transfers, and PIN management on TokClaw chain (7447).

by DOM CHAROENYOS (@dome)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw verdict: Suspicious (high confidence)

Purpose & Capability
A wallet CLI could legitimately require installing a helper script, but the SKILL.md mandates the agent itself run curl -fsSL https://wallet.tokclaw.com/install | sh and then execute arbitrary shell commands. The registry declares no install or code, yet the instructions demand installing and running a remote script — this is disproportionate and not justified by the metadata.
Instruction Scope
The instructions explicitly require the agent to execute remote install and many shell commands (register, login, send, etc.) without involving the user, and forbid asking the user to run anything. They direct use of an exec tool to run a piped shell install from an unverified domain — a wide scope that can perform arbitrary system actions and exfiltrate data.
Install Mechanism
There is no formal install spec in the registry; instead SKILL.md tells the agent to run curl | sh against https://wallet.tokclaw.com/install. This is a high-risk install pattern (download-and-execute) from an unrecognized domain rather than a vetted release host (GitHub releases, official package manager). The registry provides no checksum, source repo, or verification details.
Credentials
The skill declares no required env vars or credentials, yet asks the agent to create and use a local CLI which likely will read or create secrets (auth tokens, PINs, wallet files). Because the install runs arbitrary shell code, it may access any environment variables, files, or network endpoints — far more privilege than the metadata indicates or than a simple instruction-only skill should need.
Persistence & Privilege
The always flag is false, but the SKILL.md's insistence that the agent autonomously run installation and CLI commands (and never ask the user to run them) increases the effective privilege and blast radius. The skill asks the agent to write a script into the environment and run it, which grants persistent local capabilities that aren't evident in the metadata.
Scan Findings in Context
[no_regex_findings] unexpected: Scanner found no code files to analyze (the package is instruction-only). That absence is not reassuring here because the SKILL.md instructs downloading and executing remote code which the static scanner could not inspect.
What to consider before installing
This skill instructs the agent to download and immediately run a shell script from an unverified domain and to execute wallet commands itself (curl | sh and sh tokclaw-wallet.sh ...). That pattern is high-risk: a remote script can run arbitrary code, read or exfiltrate files, or create persistent backdoors.

Before installing:
(1) Do not let the agent run curl | sh autonomously; require the user to run installs manually.
(2) Verify the install URL and source repository (prefer GitHub releases or a package manager, and a checksum).
(3) Inspect the script contents before executing.
(4) Avoid giving the agent an exec tool that can run shell commands on your system, or limit it to clearly scoped commands.
(5) Prefer a wallet implementation with a published repo, signatures, and clear privacy/security docs.

Given the strong red flags, avoid installing this skill until you can validate the script and its provenance.
