ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wallet Safety Checkup

v1.0.0

A practical security review skill that checks wallet and backup habits for obvious weak points. Use when the user wants to audit their crypto security setup....

0· 63·0 current·0 all-time
byhaidong@harrylabsj

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for harrylabsj/wallet-safety-checkup.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Wallet Safety Checkup" (harrylabsj/wallet-safety-checkup) from ClawHub.
Skill page: https://clawhub.ai/harrylabsj/wallet-safety-checkup
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install wallet-safety-checkup

ClawHub CLI

Package manager switcher

npx clawhub@latest install wallet-safety-checkup
Security Scan
Capability signals
CryptoRequires walletRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to be a chat-driven, self-report wallet audit. Nothing in that description justifies reading files from a user's home directory. handler.py reads /Users/jianghaidong/.openclaw/skills/{skill_name}/SKILL.md via an absolute, hard-coded path, which is disproportionate and unrelated to the described purpose.
!
Instruction Scope
SKILL.md explicitly says 'self-report only' and 'No real-time scanning or forensic validation.' The runtime code contradicts this by performing filesystem access to a specific local path. The instructions do not mention reading local files or other system state, so the code expands scope unexpectedly.
Install Mechanism
No install spec is provided (instruction-only), which is low risk. There are two small code files bundled, but no installation or external downloads are requested.
Credentials
The skill declares no required environment variables or credentials (appropriate for a self-report tool). However, the code accesses a hard-coded path in a specific user's home directory; while not a credential, this filesystem access may allow reading local files if the handler is executed.
Persistence & Privilege
always is false and normal autonomous invocation is allowed. The skill does not request persistent privileges or modification of other skills. The main concern is the file access behavior combined with the ability to invoke the handler, not a persistent privilege flag.
What to consider before installing
This skill is suspicious because its code tries to read a hard-coded path in a user's home directory (/Users/jianghaidong/.openclaw/skills/{skill_name}/SKILL.md), which is unrelated to the described self-report wallet audit. Before installing or enabling it, ask the publisher why the handler needs to read that path (and why it's hard-coded to a specific home). Prefer a version that: (1) does not perform any filesystem reads, or (2) reads only its own packaged SKILL.md via a relative path or bundled resource, and (3) documents exactly what data it accesses. If you must run it, run it in a constrained/sandboxed environment and do not give it access to sensitive files. If you cannot get a clear explanation, avoid installing or enabling the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk9719tpxchsz6men0cf9hrrpbn84wr74
63downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
haidong@harrylabsj
latest
Download

wallet-safety-checkup

A practical security review skill that checks wallet and backup habits for obvious weak points.

Workflow

  1. Ask about seed phrase handling, backup location, password practices, 2FA, device hygiene, and phishing habits.
  2. Score the setup in plain language: green, yellow, or red.
  3. Identify the biggest recoverability and theft risks.
  4. Rank fixes by impact and ease.
  5. End with a monthly self-check routine.

Output Format

  • Safety snapshot
  • Top 3 risks
  • Fix-now actions
  • Nice-to-improve actions
  • Monthly re-check list

Quality Bar

  • Prioritized and specific.
  • Encourages better habits without shaming the user.
  • Distinguishes between theft risk and recovery risk.
  • Does not overclaim certainty when information is incomplete.

Edge Cases

  • If the user refuses to share details, mark areas as unknown, not safe.
  • Cannot verify the real security posture of a device or wallet.

Compatibility

  • Self-report only, works well in chat.
  • No real-time scanning or forensic validation.

Comments

Loading comments...