Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agentic Wallet

v1.0.2

Create and manage crypto wallets for AI agents. Four providers — Coinbase (managed), Tempo/Stripe (passkey), MoonPay/OpenWallet (self-custody), Crossmint (ma...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Pending

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (agent crypto wallets) matches the instructions: provider selection, setup, balance, backup/recover, and non-interactive operation. Required binary (node) is reasonable for an npm CLI. No unrelated credentials or capabilities are requested.
Instruction Scope
The SKILL.md keeps to wallet-management tasks, but it explicitly instructs the agent/user to create and read sensitive files (password-file, api-key-file, e.g., ~/.secrets/*.txt) and to run non-interactive commands that could allow autonomous fund operations. These file reads/writes are functionally necessary but materially expand the trust surface (local secret storage, seed phrases, backups).
Install Mechanism
There is no packaged install spec in the registry; the skill expects use of `npx agentic-wallet`, which will fetch and execute an npm package at runtime. Dynamic npx/npm execution is a supply-chain risk because it runs external code that is not pre-vetted by the platform. The SKILL.md metadata also references installing the same Node package, reinforcing that code will be pulled from the public npm registry.
Credentials
The skill does not declare required environment variables (none listed) which matches the package being CLI driven, but it relies on local secret files (passwords, Crossmint API keys). Requesting these secrets is proportional to wallet management, yet storing them as plaintext under ~/.secrets and instructing automated non-interactive usage increases the risk of accidental exposure or misuse. No unrelated credentials are requested.
Persistence & Privilege
always:false and user-invocable:true are appropriate. However, autonomous model invocation is allowed (disable-model-invocation:false), and because the skill can create/use wallets and potentially send/receive funds, autonomous actions could have high impact. The skill does not request system-wide config changes or other skills' credentials.
What to consider before installing
This skill appears to do what it claims, but it requires running a Node CLI via npx (which downloads and executes code from the npm registry) and it instructs you to store/read sensitive secrets (passwords, API keys, seed/backups) on disk for non-interactive use. Before installing or enabling: (1) review the npm package and the linked GitHub repo source code to ensure it is trustworthy; (2) avoid storing secrets in plaintext—use a secure secret manager or hardware key when possible and limit file permissions; (3) restrict API keys to minimal scopes and prefer ephemeral credentials; (4) consider disabling autonomous invocation for this skill (require user confirmation) until you audit the code and test in a safe environment; and (5) if you cannot audit the package, treat npx-executed tools that manage funds as higher-risk and prefer alternatives with verifiable builds/releases.


latest: vk97a69xwcpbr8h1hv994t2k2a1842abc


Runtime requirements

wallet Clawdis
Bins: node
