Privy Agentic Wallets
Audited by ClawScan on May 10, 2026.
Overview
Review recommended: the skill is transparent about controlling crypto wallets, but it uses a very powerful Privy secret and leaves some autonomous transaction boundaries under-specified.
Before installing, understand that this skill can help an agent move real crypto funds. Use a dedicated Privy app, strict policies, small balances, explicit confirmations for transactions and deletions, and protect the Privy App Secret and local transaction logs.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could be asked to execute or schedule crypto transactions in ways that cause irreversible fund loss if the user has not set narrow limits and approval rules.
The skill's usage examples below advertise non-interactive financial actions. Although the security guide requires validation and direct user intent, the artifacts do not fully define approval boundaries for autonomous or scheduled transactions involving real funds.
- Execute swaps on DEXs based on market conditions
- Rebalance portfolios automatically
- Trigger smart contract functions on schedule
Use only low-funded wallets, require explicit per-transaction approval unless a very narrow policy is pre-authorized, test on testnets first, and define exact limits for any autonomous strategy.
If the secret is mishandled or granted too broadly, an agent or anyone who obtains it could control all wallets in the Privy app.
The skill itself states that the credential has broad wallet and transaction authority, but the registry metadata declares no required environment variables or primary credential.
The `PRIVY_APP_SECRET` can:
- Create unlimited wallets
- Sign any transaction
- Drain all wallets in the app
Declare the required Privy credentials in metadata, use a dedicated least-privilege Privy app for agents, fund wallets minimally, rotate secrets if exposed, and never paste the secret into chats or logs.
Local logs could reveal transaction history or wallet activity to anyone with access to the workspace.
The audit log is purpose-aligned, but it persists wallet identifiers, recipients, values, and transaction hashes on disk.
Log every wallet operation with: ... `wallet_id`, `to`, `value`, `chain` ...
Store logs in: `~/.openclaw/workspace/logs/privy-transactions.jsonl`
Protect the workspace directory, avoid logging secrets, periodically review/delete old logs, and treat transaction logs as sensitive financial metadata.
Users installing from the external repository should verify they are getting the intended content.
The README points to a GitHub repository for manual installation while the supplied registry source/homepage are unknown. No executable code or install script is present in the reviewed artifacts, so this is a provenance note rather than evidence of malicious behavior.
git clone https://github.com/tedim52/privy-agentic-wallets-skill.git ~/.openclaw/workspace/skills/privy
Install from a trusted, pinned source and re-review any repository contents before adding them to an agent workspace.
