ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Use Circle Wallets

Choose and implement the right Circle wallet type for your application. Compares developer-controlled, user-controlled, and modular (passkey) wallets across...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 21 · 0 current installs · 0 all-time installs
byMadelyn@mscandlen3
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the SKILL.md content: it is a decision guide comparing Circle wallet types and directs the agent to trigger more specific wallet skills for implementation. No unusual binaries, env vars, or installs are requested, which is proportionate for a guidance skill.
Instruction Scope
The instructions stay within wallet-selection guidance, but they (a) instruct the agent to "TRIGGER" other skills by name (e.g., use-developer-controlled-wallets) which creates an implicit dependency on those skills and their privileges, and (b) include a prominent 'Always read this first' pointer to https://developers.circle.com/llms.txt (an unusual filename) — both warrant verification. The sheet contains strong prescriptive 'ALWAYS/NEVER' rules that could cause the agent to rigidly choose flows; this is stylistic but may lead to surprising behavior if the rest of the skill ecosystem isn't vetted.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing will be written to disk or executed by install, which is low risk.
Credentials
The skill requests no environment variables, credentials, or config paths — appropriate for a documentation/decision skill. However, because it instructs the agent to invoke other skills, check those skills for credential requests before granting them permission.
Persistence & Privilege
The skill is not flagged always:true and uses normal agent invocation. The main privilege-related concern is indirect: it tells the agent to invoke other wallet implementation skills — those downstream skills may require elevated credentials or persistent access, so vet them individually.
What to consider before installing
This is primarily a read-only decision guide and does not itself request credentials or install code, so the immediate risk is low. Before installing/using it: (1) verify the external links (especially https://developers.circle.com/llms.txt and the GitHub README) to ensure they point to legitimate Circle documentation; the llms.txt path looks unusual and should be checked. (2) Confirm that the referenced implementation skills (use-developer-controlled-wallets, use-user-controlled-wallets, use-modular-wallets) actually exist and review their env/credential requirements — those are the places where secrets or installs may be requested. (3) Be cautious about the 'ALWAYS/NEVER' rules: they are prescriptive and may force rigid action; understand whether they match your real-world constraints. If you want higher assurance, request the code or metadata for the downstream implementation skills before enabling agent invocation.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0
Download zip
latestvk97ehs0mz1w9qh1f3fzteds799831bsy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Overview

Circle offers three wallet types -- developer-controlled, user-controlled, and modular -- each with different custody models, account types, key management, and capabilities. This skill helps you pick the right one.

Quick Comparison

Developer-ControlledUser-ControlledModular (Passkey)
CustodyDeveloperUserUser
AuthEntity secret (backend)Social login / email OTP / PINPasskey (WebAuthn)
Account typesEOA, SCAEOA, SCAMSCA only
Gas sponsorshipSCA via Gas StationSCA via Gas StationGas Station or third-party paymaster
Custom modulesNoNoYes
ArchitectureBackend SDK onlyBackend + frontend SDKsFrontend SDK only

Decision Guide

For the latest supported blockchains: https://developers.circle.com/wallets/account-types

Step 1 -- Who controls the keys?

  • Developer controls (no user approval) -> Developer-controlled wallets -> Step 3
  • End user controls -> Step 2

Step 2 -- Auth method?

  • Passkey (WebAuthn biometric) with extensible modules -> Modular wallets -> Step 4
  • Social login, email OTP, or PIN -> User-controlled wallets -> Step 3

Step 3 -- Account type?

  • Solana, Aptos, or NEAR -> EOA (only option)
  • Ethereum mainnet -> EOA (SCA gas costs prohibitive, MSCA not supported)
  • L2 (Arbitrum, Base, Polygon, Optimism, etc.) -> SCA if gas sponsorship or batching needed; EOA if max TPS needed

Step 4 -- Chain check (Modular wallets)

  • Supported: Arbitrum, Avalanche, Base, Monad, Optimism, Polygon, Unichain
  • NOT supported: Ethereum, Solana, Aptos, NEAR. Fall back to user-controlled wallets with SCA.

Example Scenarios

ScenarioDecisionSkill
Payment backend, programmatic payouts, high TPSDeveloper-controlled + EOAuse-developer-controlled-wallets
Consumer app with Google/Apple login, gasless UXUser-controlled + SCA on L2use-user-controlled-wallets
DeFi app with biometric auth, custom modulesModular on L2use-modular-wallets
NFT marketplace on Ethereum L1User-controlled + EOAuse-user-controlled-wallets
AI agent, autonomous multi-chain transactionsDeveloper-controlled + EOAuse-developer-controlled-wallets

Implementation Patterns

Once a wallet type has been determined, TRIGGER the corresponding skill:

  • Developer-controlled -> use-developer-controlled-wallets skill
  • User-controlled -> use-user-controlled-wallets skill
  • Modular (Passkey) -> use-modular-wallets skill

Strict Rules

  • ALWAYS select the wallet type before starting implementation using the comparison table and decision guide above.
  • ALWAYS use EOA on Ethereum mainnet (SCA gas prohibitive, MSCA not supported) and on Solana, Aptos, NEAR (SCA/MSCA not available).
  • ALWAYS prefer SCA or MSCA on L2 chains (Arbitrum, Base, Polygon, Optimism, etc.) when gas sponsorship or batch operations are needed.
  • NEVER mix wallet types in a single user flow -- pick one and use its corresponding skill.
  • ALWAYS delegate to the specific wallet skill (use-developer-controlled-wallets, use-user-controlled-wallets, or use-modular-wallets) for implementation.

Reference Links

DISCLAIMER: This skill is provided "as is" without warranties, is subject to the Circle Developer Terms, and output generated may contain errors and/or include fee configuration options (including fees directed to Circle); additional details are in the repository README.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…