EVM Crypto Wallet for Your Agent
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: evm-wallet
Version: 1.0.3
The OpenClaw AgentSkills skill bundle for 'evm-wallet' is classified as benign. While it handles sensitive operations like cryptocurrency transfers and private keys, the `SKILL.md` file contains explicit and strong instructions for the AI agent to prioritize user confirmation before executing any financial transactions (e.g., `transfer.js`, `swap.js`, `contract.js` write operations). Crucially, it repeatedly warns the agent and user to 'NEVER expose your private key!' and 'Never share the contents of ~/.evm-wallet.json', actively instructing against data exfiltration. The installation process involves `git clone` and `npm install` from `https://github.com/surfer77/evm-wallet-skill.git`, which introduces a standard supply chain risk, but the instructions themselves do not exhibit malicious intent or prompt injection attacks against the agent; rather, they implement safeguards.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the remote repository or dependencies are compromised or changed, the installed code could access the local wallet key or submit unwanted transactions.
The reviewed package is instruction-only, yet it tells the agent to fetch unpinned remote code and install dependencies before use. That code would manage private keys and financial transactions.
git clone https://github.com/surfer77/evm-wallet-skill.git /tmp/evm-wallet-tmp ... cp -r /tmp/evm-wallet-tmp/* "$SKILL_DIR/" ... cd "$SKILL_DIR" && npm install
Only install from a reviewed, pinned commit or packaged release with included source and lockfiles. Avoid using this with meaningful funds until the implementation and dependencies are audited.
If path detection fails, setup could attempt to write the fetched files to an unintended protected or overly broad location, causing the install to fail or placing files where they do not belong.
The shell snippet does not check whether SKILL_DIR is empty before copying. If none of the listed directories exists, the target can resolve outside the intended skill directory, such as '/'.
SKILL_DIR=$(ls -d ... 2>/dev/null | head -1) ... cp -r /tmp/evm-wallet-tmp/* "$SKILL_DIR/"
Add an explicit guard that aborts if SKILL_DIR is empty, and require user confirmation before any copy/install step.
Anyone or any process that obtains the private key can move the wallet’s funds, and confirmed blockchain transactions may be irreversible.
The skill creates and uses a local wallet private key and can sign transfers. This is purpose-aligned for a wallet and disclosed, but it is direct authority over funds.
The private key is stored at `~/.evm-wallet.json` (chmod 600). ... node src/transfer.js <chain> <to_address> <amount> --yes --json
Use a fresh low-value wallet for testing, protect and back up the key securely, and manually verify recipient addresses, token contracts, chains, amounts, and gas before approving transactions.
Users may assume wallet operations are fully local, while balance checks, swaps, or transaction submission can reveal wallet addresses, trade intent, or activity metadata to external providers.
The 'no external API dependencies' statement conflicts with later instructions that rely on Odos and RPC providers. Users may misunderstand what network services are involved.
Private keys stored locally, no external API dependencies. ... Powered by Odos aggregator ... "RPC error" → Retry once, automatic failover built in
Clarify that private keys stay local but blockchain RPC and Odos/provider calls may occur, and document what data is sent to which services.
