Bitcoin Wallet for Agents using Arkade
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a disclosed Bitcoin wallet skill, but it gives an agent real money-moving authority and has documentation/provenance gaps that users should review carefully.
Use this only if you trust the publisher and are comfortable giving an agent access to a Bitcoin wallet. Do not pass private keys in command-line arguments, keep only small test funds in the wallet, verify every amount and destination before approving, and review the npm package/provenance issues before installing.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent invokes a money-moving command with the wrong address or amount, Bitcoin could be sent irreversibly.
The send command transfers funds once invoked. SKILL.md requires the agent to ask for confirmation, but this code path does not show a built-in confirmation prompt, spending limit, or allowlist.
const result = await bitcoin.send({ address, amount: sats });
console.log(`Sent ${formatSats(sats)} sats`);
Only use this skill with explicit per-transaction confirmation. Verify the destination, amount, network, and fees yourself, and start with small test amounts.
Anyone who gains access to the local wallet config may be able to spend the wallet's funds.
The skill stores a wallet private key locally. This is purpose-aligned for a wallet and the artifacts set file permissions, but the key controls funds.
const config = {
  privateKey,
  serverUrl: url,
  createdAt: new Date().toISOString(),
};
saveConfig(config);
Protect ~/.arkade-wallet/config.json, avoid using large balances, back up keys securely, and consider a dedicated low-value wallet for agent use.
A user following the README could accidentally expose an existing wallet private key.
README.md instructs users to pass a private key on the command line, while SKILL.md and the CLI comments describe auto-generated keys that are not exposed via CLI args. Passing private keys as arguments can expose them in shell history or process listings.
# Initialize wallet
arkade init <private-key-hex>
Do not pass private keys on the command line. Use the auto-generated wallet flow unless the documentation and code are corrected and you understand the key-handling risks.
The exact code used for stablecoin swap dependency behavior may be unclear or unreproducible from the provided artifacts.
The provided manifest does not include the referenced patches directory/file, so the reviewed artifacts do not fully show the dependency modifications used for the LendaSwap SDK.
patchedDependencies:
  '@lendasat/lendaswap-sdk-pure@0.0.2': patches/@lendasat__lendaswap-sdk-pure@0.0.2.patch
Install only from a trusted, verifiable source. The publisher should include the referenced patch file, pin dependencies, and align registry/package provenance before users entrust funds.
The agent may execute code fetched through npm/pnpm rather than only using a purely instruction-only skill.
The skill is listed as having no install spec, but its setup instructions rely on downloading and executing an npm package. That can be legitimate, but it should be reviewed carefully for a financial wallet.
pnpm dlx @arkade-os/skill init
pnpm dlx @arkade-os/skill address
# Using npx
npx -y -p @arkade-os/skill arkade init
Confirm the npm package identity and version before running npx/pnpm commands, and prefer a pinned, audited installation path.
