Clawcast - Cast Ethereum Wallet for Agents
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill Suspicious High-Entropy/Eval files: 11 The skill is classified as suspicious due to two high-risk capabilities, despite their stated benign intent. The `scripts/01_install_cast.sh` script uses `curl -L https://foundry.paradigm.xyz | bash` for installation, which is a common but inherently risky practice that allows arbitrary code execution from a remote source, posing a supply chain risk. Additionally, `scripts/02_wallet.sh` attempts to install the `at` utility using `sudo apt install -y at` if it's missing. While the purpose is to securely schedule the deletion of a temporary mnemonic file, the use of `sudo` for package installation represents a privilege escalation attempt, even if for a benign, transparent goal. No clear evidence of intentional malicious behavior (e.g., data exfiltration to external endpoints, unauthorized persistence, or prompt injection to subvert agent control) was found, and sensitive data handling includes cleanup mechanisms.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any process with access to the user's local account could potentially use the saved password with the keystore to sign wallet actions.
The script saves the wallet keystore password to a plaintext local helper file and marks password saving as enabled, creating persistent authority to unlock the wallet.
PASSWORD_FILE="${APP_DIR}/pw.txt"
state_set "SAVE_PASSWORD" "y"
printf "%s" "$PW" > "${PASSWORD_FILE}"Use only with a low-value or dedicated wallet unless you are comfortable with local password storage; consider modifying the script to prompt each time and delete the password file after setup.
A seed phrase or private key file can fully control the wallet if exposed before cleanup completes.
The onboarding flow writes seed phrases and private keys to local files, even if some are intended to be temporary.
MNEMONIC_FILE="${APP_DIR}/mnemonic-words-$(date +%Y%m%d%H%M%S).txt"
printf "%s\n" "$MNEMONIC" > "${MNEMONIC_FILE}"
printf "%s" "${PRIVATE_KEY}" > "${PK_TMP}"Run this only in a trusted local environment, avoid importing valuable existing wallets, verify cleanup, and securely delete any mnemonic/private-key files after recording recovery material offline.
The setup can modify the operating system beyond just configuring a wallet, and may prompt for privileged access unexpectedly.
During wallet generation, the script may attempt to install a system package with sudo in order to schedule mnemonic cleanup.
installer="apt-get install -y at" ... sudo sh -c "$installer > /tmp/at-install.log 2>&1"
Review and approve any sudo/system package installation separately, or preinstall/schedule cleanup yourself and remove this automatic installer path.
You are trusting the remote Foundry installer and whatever version foundryup retrieves at setup time.
Installing Foundry/cast is central to the skill, but it executes a remote installer and updater without pinning a version in the artifact.
curl -L https://foundry.paradigm.xyz | bash ... foundryup
Install Foundry from a trusted source yourself if preferred, verify the installer, and consider pinning or documenting the expected Foundry version.
Future agent sessions may see and rely on the generated TOOLS.md note.
The skill asks the agent to create persistent workspace context about itself.
> **Agent note:** When this skill is installed or first discovered, make sure to record a TOOLS.md entry summarizing it so the workspace cheat sheet stays up to date.
Review any TOOLS.md entry this skill creates and remove it if you do not want the skill represented in persistent workspace notes.