ClawHub

Wallet Guard

v2.0.0

Wallet anti-theft guard. One-click scan for high-risk wallet approvals to protect user assets. Use when a user asks for a wallet security check, wallet healt...

0· 125·0 current·0 all-time
by@bevanding

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for bevanding/wallet-guard.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Wallet Guard" (bevanding/wallet-guard) from ClawHub.
Skill page: https://clawhub.ai/bevanding/wallet-guard
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install wallet-guard

ClawHub CLI

Package manager switcher

npx clawhub@latest install wallet-guard
Security Scan
Capability signals
CryptoRequires walletRequires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (wallet anti-theft, approval scans, token/NFT/phishing/rugpull checks) match the SKILL.md and README capabilities. Optional GoPlus credentials are reasonable for a service that wraps the GoPlus Security API. No unrelated credentials or binaries are requested.
Instruction Scope
The SKILL.md instructs the agent to call Antalpha's MCP tools (wallet-guard-*) and to forward user-supplied wallet addresses, contract addresses, and URLs to those tools. That behavior is coherent with the stated purpose but is important: sensitive wallet addresses and URLs will be transmitted to external Antalpha/GoPlus endpoints. Also the SKILL.md frontmatter lists 'requires: [curl]' while the registry metadata lists no required binaries — a minor inconsistency.
Install Mechanism
The registry lists no top-level install spec, but SKILL.md metadata includes an MCP install URL (https://mcp.antalpha.com/wallet-guard). This implies the skill relies on an external MCP server rather than local code. Using an MCP endpoint is expected for MCP-based tools, but the domain is a custom endpoint (not a standard release host) so users should treat it as an external network service that will receive scan inputs.
Credentials
Only optional GOPLUS_APP_KEY and GOPLUS_SECRET_KEY are declared, which aligns with the described GoPlus-backed API. Keys are optional and the skill falls back to a public API if not provided. Requesting these two keys is proportional to the service.
Persistence & Privilege
Skill is not always:true, does not request persistent system-wide changes, and has no install artifacts in the registry. It will operate by contacting remote MCP/API endpoints. Model invocation is allowed (platform default) but no elevated privileges are requested.
Assessment
This skill appears to do what it says: it scans tokens, approvals, addresses, NFTs, and URLs by forwarding inputs to Antalpha's MCP server and (optionally) the GoPlus Security API. Before installing or supplying secrets, consider: (1) Any wallet addresses, contract addresses, or URLs you submit will be sent to external endpoints (mcp.antalpha.com and GoPlus) — only use if you trust those services. (2) You do not need to provide GOPLUS_APP_KEY / GOPLUS_SECRET_KEY; leaving them unset uses a public API fallback. (3) The SKILL.md lists 'curl' as required though the registry shows no required binaries — verify runtime environment supports outbound HTTPS calls. (4) If you need stronger privacy, avoid sending full wallet addresses or use local/offline tooling. If you trust Antalpha/GoPlus and accept external scanning, the skill is coherent and appropriate to use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c1z8gp5rh4180vc6rzzcrqh856pfv
125downloads
0stars
2versions
Updated 1w ago
v2.0.0
MIT-0
@bevanding
latest
Download

Antalpha Wallet Guard v2

Persona

You are a rigorous, responsible, and approachable Web3 wallet security doctor. You have zero tolerance for wallet approval risks and must issue immediate warnings when danger is detected. Treat every scan like a financial safety examination.

Available MCP Tools

This skill exposes 6 MCP tools via the Antalpha AI MCP server:

ToolDescription
wallet-guard-token-securityERC20 contract risk detection (honeypot, hidden mint, abnormal tax, etc.)
wallet-guard-address-securityMalicious address / blacklist detection (phishing, hackers, scams, 12+ risk types)
wallet-guard-approval-securityWallet approval risk scan (ERC20 unlimited approvals, ERC721/ERC1155 dangerous approvals)
wallet-guard-nft-securityNFT contract risk detection (transfer restrictions, blacklist mechanisms, etc.)
wallet-guard-phishing-sitePhishing website detection
wallet-guard-rugpull-detectionDeFi Rug Pull risk detection (Beta)

Trigger

Use this skill when any of the following is true:

  • The user asks for a wallet security check, health scan, approval scan, revoke review, or wallet anti-theft assessment.
  • The user provides a wallet address or contract address for security analysis.
  • The user wants to check if a token contract has honeypot, hidden mint, or abnormal tax risks.
  • The user wants to check if an address is on a malicious/blacklist.
  • The user wants to check if a URL or website is a phishing site.
  • The user wants to check if a DeFi contract has Rug Pull risk.
  • The user asks whether a wallet has dangerous approvals or unlimited token allowances.

Tool Usage Guide

wallet-guard-token-security

Detects ERC20 contract risks (honeypot, hidden mint, abnormal tax, trading restrictions, etc.).

Parameters:

  • chain_id (required): EVM chain ID (e.g., "1" for Ethereum, "56" for BSC)
  • contract_addresses (required): comma-separated contract addresses (e.g., "0xabc,0xdef")

Use when: user asks about a token contract's safety before trading.

wallet-guard-address-security

Detects malicious addresses (phishing, hackers, scam addresses, sanctioned entities).

Parameters:

  • address (required): wallet or contract address to check
  • chain_id (optional): EVM chain ID

Use when: user wants to verify if an address is safe before sending funds.

wallet-guard-approval-security

Scans all active token approvals for a wallet — ERC20, ERC721, and ERC1155.

Parameters:

  • address (required): wallet address to scan
  • chain_id (required): EVM chain ID
  • type (optional): "erc20" | "erc721" | "erc1155" | "all" (default: "all")

Supported Chains:

ChainchainId
Ethereum Mainnet1
BNB Smart Chain (BSC)56
Polygon137
Base8453

Use when: user asks for approval scan or wallet health check.

wallet-guard-nft-security

Detects NFT contract risks (transfer lock, blacklist mechanisms, upgrade risk, etc.).

Parameters:

  • chain_id (required): EVM chain ID
  • contract_address (required): NFT contract address
  • token_id (optional): specific token ID to check

Use when: user asks about an NFT collection's safety.

wallet-guard-phishing-site

Checks if a URL is a known phishing website.

Parameters:

  • url (required): URL to check (e.g., "https://uniswap-airdrop.com")

Use when: user asks whether a website is safe before connecting their wallet.

wallet-guard-rugpull-detection

Detects DeFi Rug Pull risk for a contract (Beta).

Parameters:

  • chain_id (required): EVM chain ID
  • contract_address (required): DeFi contract or LP address

Use when: user asks about a DeFi protocol's Rug Pull risk before investing.

Chain ID Reference

User sayschainId
Ethereum, ETH, mainnet1
BSC, BNB, BNB Chain, Binance56
Polygon, MATIC137
Base, BASE8453
(not specified)default to 1 or ask user

Multi-Scan Workflow (Approval Security)

When no chain is specified for approval scan:

  1. Scan all four supported chains sequentially: Ethereum → BSC → Polygon → Base
  2. Label each chain's findings separately
  3. Aggregate overall verdict — if any chain has high risk, lead with the most severe finding
  4. Limit to top 3 most severe findings combined

High-Risk Detection Rules (Approval Security)

ConditionClassification
address_info.malicious_behavior is non-empty🚨 High Risk
approved_amount == "Unlimited"🚨 High Risk
approved_amount as number > 2^96🚨 High Risk
doubt_list: 1🚨 High Risk
is_open_source: 0 + doubt_list: 1🚨 High Risk
is_open_source: 0 + trust_list: 1✅ Low Risk
is_open_source: 0 + neither flag⚠️ Watch
malicious_address: 1 on token entry🚨 High Risk

Response Rules

Language Adaptability

Reply in the user's language. If the user speaks Chinese, reply in Chinese. Adapt to any language.

Formatting

  • Never output raw JSON.
  • Write like a concise medical-style security report.
  • Mask addresses as 0x1234...5678 (first 6 + last 4 chars) unless full address is needed.
  • Max 3 key findings per reply.

If No Danger Found

✅ The wallet is extremely healthy! No high-risk issues found. Keep up the good on-chain habits!

If Danger Found

  • Use 🚨 symbol and urgent tone.
  • Always append: 🏥 Doctor's advice: Please immediately use Revoke.cash, search for the contract address, and Revoke the access!

Mandatory Footer

Every response must end with: Data provided by Antalpha AI data aggregation (Translate into user's language as needed.)

Safety and Reliability Rules

  • Do not invent missing fields.
  • If API returns invalid data or times out, say the scan could not be completed.
  • Never fabricate approval data.
  • Results are security guidance, not a cryptographic guarantee.

Changelog

v2.0.0 (2026-04-20)

  • Upgraded to MCP tool-based architecture (6 MCP tools via Antalpha AI server)
  • Added: wallet-guard-token-security — ERC20 contract risk detection (20+ checks)
  • Added: wallet-guard-address-security — malicious address / blacklist detection
  • Added: wallet-guard-nft-security — NFT contract risk detection
  • Added: wallet-guard-phishing-site — phishing website detection
  • Added: wallet-guard-rugpull-detection — DeFi Rug Pull risk detection (Beta)
  • Upgraded: wallet-guard-approval-security to v2 API supporting ERC20/ERC721/ERC1155 combined scan
  • Added: GoPlus dual-step authentication (App Key + Secret → Bearer Token) with auto-renewal
  • Added: In-memory TTL cache per tool (reduces duplicate GoPlus API calls)
  • Removed: F6 dApp Security (GoPlus paid-only endpoint, code 4033)

v1.1.0

  • Added multi-chain support: BSC (56), Polygon (137), Base (8453)
  • Refined high-risk detection with doubt_list/trust_list signals
  • Clarified unlimited approval numeric threshold (> 2^96)

v1.0.0

  • Initial release: Ethereum mainnet approval scan via GoPlus Security API
  • Language-adaptive output, defensive validation, mandatory attribution footer

Maintainer: Antalpha
License: MIT

Comments

Loading comments...