Clawcast - Easiest Ethereum Crypto Wallet

Security checks across malware telemetry and agentic risk

Overview

This is a real EVM wallet helper, but it stores and uses highly sensitive wallet material locally and can perform under-scoped installation steps.

Use this only as a high-risk hot-wallet helper. Do not import an existing valuable seed phrase or private key, keep only limited funds in any generated wallet, review installation commands before running them, avoid granting sudo during wallet setup, and require explicit human confirmation before any transaction is signed or broadcast.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (11)

Description-Behavior Mismatch

Medium

Confidence: 88% confidence
Finding: Instructing the agent to maintain TOOLS.md expands the skill into workspace maintenance unrelated to core wallet operations. While not as severe as key handling issues, it creates unexpected file-writing behavior and broadens the blast radius of the skill beyond its declared purpose.

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: Persistent transaction logging to workspace files is outside the stated wallet/network-helper scope and stores wallet addresses, hashes, and descriptions in a durable local record. This creates privacy and operational security risk because transaction metadata can reveal account activity and relationships even without private keys.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: This wallet-management script unexpectedly performs system package installation and may invoke privilege escalation solely to support delayed deletion of a mnemonic file. In the context of a secret-handling wallet tool, silently expanding scope to package management increases attack surface and can lead users to grant sudo privileges to code that should not need them.

Description-Behavior Mismatch

Medium

Confidence: 97% confidence
Finding: The script explicitly stores the keystore password in a plaintext file at ${APP_DIR}/pw.txt, then later uses that file to unlock the wallet. Even with umask 077 and chmod 600, plaintext persistence materially weakens wallet security because any process or user that gains access to the account, workspace, backups, or logs can recover the password and decrypt the keystore, leading to private key compromise.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to automatically probe wallet state and display address, keystore path, network, and balance without an explicit user-triggered action. In crypto contexts this is sensitive operational metadata, and automatic disclosure can leak private environment details to the user interface, logs, or observers.

Missing User Warnings

High

Confidence: 99% confidence
Finding: The skill directs collection and local storage of mnemonics, private keys, and keystore passwords, including saving a plaintext mnemonic file and a local helper password file. In a wallet-management context this is extremely dangerous because compromise of those files enables full theft of on-chain assets, and the delayed-deletion approach still leaves a high-value exposure window.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill writes wallet and transaction metadata to a workspace log without a clear privacy warning or consent step. Even if no secret keys are logged, persistent records of addresses and transaction mentions can expose financial activity, counterparties, and investigation targets.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script downloads and executes a remote installer in one step without any integrity verification or explicit confirmation. If the remote host, TLS trust chain, DNS resolution, or delivery path is compromised, arbitrary shell code will run immediately on the user's machine.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The script auto-installs the 'at' package via shell commands without upfront notice or explicit confirmation, which is unsafe behavior for a wallet utility that handles mnemonics and private keys. Users may be surprised into authorizing package installation or sudo execution while focused on wallet setup, creating a trust and privilege-boundary violation.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The script writes the password to disk immediately after a short note, without a separate confirmation or safer default behavior. In a wallet-management skill, this increases the chance that operators unknowingly leave a reusable decryption secret on disk, undermining the protection the keystore is supposed to provide.

Ssd 3

Medium

Confidence: 92% confidence
Finding: Persistent chat-adjacent logging of wallet and transaction details creates durable sensitive metadata that may outlive the user's intent and be accessible to other tools, collaborators, or backups. In cryptocurrency workflows, this information can be used for profiling, targeting, and deanonymization.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal