v1.0.4

Open Wallet

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:32 AM.

Analysis

The skill is transparent about its purpose, but it can create links for high-impact wallet transactions or signatures through a third-party site, so users should review every request carefully.

Guidance: Use this skill only if you are comfortable approving wallet actions through tx.steer.fun. Before opening any generated link, check the decoded wallet method, chain, recipient contract, value, calldata or message, and any redirect destination. Do not approve unfamiliar transactions or signatures.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
Use when an agent needs the user to approve/execute a JSON-RPC request (e.g. eth_sendTransaction, personal_sign, eth_signTypedData_v4, wallet_sendCalls)

The skill supports raw wallet JSON-RPC actions including transactions, signatures, typed-data signing, and batch calls; if approved, these can have irreversible financial or account-authorization effects.

User impact: A mistaken or maliciously constructed link could lead the user to approve an unwanted transaction or sign data that affects assets or account access.
Recommendation: Only use this for user-requested wallet actions, and always show the decoded method, chain, recipient, value, calldata/message, and expected result before the user opens the link.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
The page shows the request, prompts them to connect their wallet, switches to the requested chainId, then executes the JSON-RPC request.

The workflow uses the user's wallet authority to execute the requested action. This is purpose-aligned and user-approved, but it is still a sensitive account permission boundary.

User impact: Approving the wallet prompt can spend funds, interact with contracts, or produce signatures tied to the user's wallet identity.
Recommendation: Users should verify the domain, chain, connected account, contract, amount, and wallet prompt details, and should never provide seed phrases or approve unfamiliar requests.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
`redirect_url` (optional): where to redirect after success/failure with the result. ... the app appends `resultType`/`result` (or `error`) query params to `redirect_url`.

Wallet results, including signatures or JSON responses, can be automatically sent through an arbitrary redirect URL; the artifact does not define an allowlist, consent step, or destination validation.

User impact: A signature, transaction result, or error detail could be exposed to an unintended site, deep link, browser history, or logs if the redirect destination is unsafe.
Recommendation: Prefer manual copy for sensitive signatures, or use only trusted redirect destinations that are shown clearly to the user before approval.