Privy Agentic Wallets

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent and security-aware, but it gives an agent powerful Privy crypto-wallet authority that can move real funds while the registry metadata does not declare the required secret credential.

Only use this skill with a dedicated Privy app, strict wallet policies, small balances, and explicit confirmation before every transaction. Add the Privy secret only after verifying the source, and treat all wallet actions as real financial operations.

VirusTotal

63/63 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
High
What this means

If the agent or another prompt misuses this credential, wallets in the Privy app could be created, controlled, or drained.

Why it was flagged

The artifact explicitly states that the required Privy secret has broad financial authority, while the registry metadata says there are no required environment variables, credential declarations, or primary credential.

Skill content

`PRIVY_APP_SECRET` can:
- Create unlimited wallets
- Sign any transaction
- Drain all wallets in the app

Recommendation

Declare the Privy credential requirement clearly, use a dedicated low-balance Privy app, rotate secrets regularly, prefer least-privilege authorization keys where possible, and never expose the secret to other skills or logs.

ASI02: Tool Misuse and Exploitation
High
What this means

A mistaken, ambiguous, or prompt-injected request could result in real funds being sent to the wrong address or an unintended contract.

Why it was flagged

The skill instructs the agent to call the raw Privy wallet RPC endpoint to execute blockchain transactions. This matches the skill purpose, but it is high-impact because on-chain transactions are real and generally irreversible.

Skill content

curl -X POST "https://api.privy.io/v1/wallets/<wallet_id>/rpc" ... "method": "eth_sendTransaction"

Recommendation

Require explicit user confirmation for every transaction and signature, use strict spending limits and allowlists, test on testnets first, and keep only limited funds in agent-controlled wallets.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

If a user installs from the live repository later, they may receive content that differs from the reviewed artifacts.

Why it was flagged

The README suggests cloning an external repository without a pinned commit. No runnable code is present in the submitted artifact set, so this is a provenance note rather than evidence of malicious behavior.

Skill content

git clone https://github.com/tedim52/privy-agentic-wallets-skill.git ~/.openclaw/workspace/skills/privy

Recommendation

Install only from a trusted source, pin a reviewed commit or release, and re-review files after cloning before adding credentials.

ASI06: Memory and Context Poisoning
Low
What this means

Anyone with access to the workspace logs could learn details about wallet activity and transaction patterns.

Why it was flagged

The skill recommends persistent local audit logs containing wallet IDs, recipients, values, chains, confirmation status, and transaction hashes. This is useful for auditing but stores sensitive financial activity metadata.

Skill content

Store logs in: `~/.openclaw/workspace/logs/privy-transactions.jsonl`

Recommendation

Protect the logs with appropriate file permissions, avoid logging secrets, and periodically review or rotate logs according to the user's privacy needs.