Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WalletChan

v1.0.0

Interact with web3 dapps using the WalletChan browser extension via Chrome CDP. Use when the user asks to connect a wallet, swap tokens, supply/deposit to De...

by Apoorv Lathey (@apoorvlathey)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious (View report →)
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (WalletChan browser-wallet automation) aligns with the runtime instructions: it requires Chrome with remote debugging and the WalletChan extension and describes navigating dapps, unlocking the extension, and confirming transactions. There are no unrelated binaries, installs, or credentials requested in the metadata that would be out of place for this purpose.
Instruction Scope (!)
The SKILL.md instructs the agent to control the browser via CDP, open dapp pages, click UI elements, enter the Agent Password to unlock the wallet, and confirm or reject transactions. Those actions are within the stated purpose but grant the agent direct capability to move funds if the Agent Password is provided. The doc also references using features like 'Simulate on Tenderly' (potential external data transmission via the extension UI) — this may send transaction data to third-party services. The instructions require the user to share a secret (Agent Password) with the agent, which is expected for this capability but is high privilege and should be treated carefully.
Install Mechanism
This is instruction-only with no install spec and no code files, so nothing is written to disk by the skill itself. That minimizes supply-chain risk; the only installation step is the user installing the WalletChan extension and running Chrome with remote debugging, which the README correctly documents.
Credentials
The skill asks the user to set and share an Agent Password (a runtime secret) but declares no required environment variables or primary credential in the registry metadata. Requiring the Agent Password is proportional to the task (unlocking the extension to confirm transactions), but the skill's metadata does not reflect that a secret will be needed. The SKILL.md explicitly warns not to share the Master Password, which is appropriate.
Persistence & Privilege
The always field is false, and there is no install step that modifies other skills or system config. Autonomous invocation is allowed by default (disable-model-invocation: false) — this is platform standard, but note that autonomous invocation combined with the ability to unlock and confirm transactions would give the skill significant power if the Agent Password is provided.
Assessment
This skill appears to do what it says, but it needs the user's Agent Password to unlock the wallet and confirm transactions — that effectively gives the agent the ability to move funds. Only share an Agent Password if you trust the agent invocation and will supervise every action. Never share your Master Password. Recommended precautions: (1) Use a dedicated Chrome profile/user-data-dir with only WalletChan installed; (2) run Chrome with remote-debugging only when you intend to use the skill and close it afterwards; (3) do not enable autonomous invocation for this skill unless you trust it completely—prefer manual invocation or require explicit confirmation for every transaction; (4) consider using a limited, emptied wallet or low-value test funds for initial trials; (5) ask the developer to declare the Agent Password requirement in the skill metadata so it's visible before install; (6) be cautious with features that send data externally (e.g., Tenderly simulations) — confirm whether transaction data will be transmitted and to what endpoint before using those features.
