Skill v1.0.5
ClawScan security
Bitcoin Wallet for Agents using Arkade · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Feb 12, 2026, 1:45 AM)
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requested resources are consistent with a Bitcoin/Lightning wallet and swap tool: it stores a local wallet, talks to Arkade and LendaSwap SDKs, and requires no unrelated credentials — but you should verify the package source before using it with real funds.
- Guidance
- This skill appears internally coherent for a wallet + swap CLI: it stores keys locally (~/.arkade-wallet/config.json), uses @arkade-os SDKs and LendaSwap/Boltz libs, and requires no unrelated credentials. Before installing or running with real funds: 1) Verify the package source and publisher on npm (homepage and repository are missing in the metadata shown here). 2) Inspect the published package (dist files) or build artifacts yourself to ensure no hidden endpoints or exfiltration paths were added post-source. 3) Back up and, if possible, use a dedicated machine or isolated environment; treat the generated private key as high-value. 4) Prefer hardware/cold-wallet workflows or manual review before authorizing any 'send', 'offboard', 'swap' or other fund-moving commands; the SKILL.md states the agent must ask for explicit confirmation — ensure your agent enforces that. 5) If you rely on LendaSwap API keys or a mnemonic for persistence, understand these increase the attack surface. If you want higher assurance, ask the maintainer for a verified repository URL, audit the published npm package, or run the CLI from source in a controlled environment.
Review Dimensions
- Purpose & Capability
- ok: Name/description match the implemented functionality: Bitcoin offchain/onchain ops, Lightning via Boltz, and LendaSwap stablecoin swaps. There are no unrelated required env vars or binaries. The declared config paths (~/.arkade-wallet/config.json and ~/.arkade-wallet/lendaswap.db) align with a local wallet and swap storage and are reasonable for this purpose.
- Instruction Scope
- note: SKILL.md and the CLI instruct the agent to run wallet-init, address/balance queries, sends, onboard/offboard, Lightning pay/invoice, and swaps. The skill explicitly calls out safety rules (agent MUST ask for explicit confirmation before executing fund-moving commands). Minor doc mismatch: README shows an 'arkade init <private-key-hex>' usage, but the CLI auto-generates and stores a key and states 'never exposed via CLI args' — inconsistent documentation but not dangerous by itself.
- Install Mechanism
- note: No platform install spec was provided in the registry metadata (skill marked as instruction-only), but the SKILL.md/README expect using npm/pnpm (npx/pnpm dlx) or global npm install. The package depends on @arkade-os/sdk, @arkade-os/boltz-swap, and @lendasat/lendaswap-sdk-pure via npm — typical for this functionality. There are no download-from-URL or shortener patterns in the manifest; the lockfile lists standard npm packages. Risk is the usual npm-package risk: running remotely-published code from an unverified publisher.
- Credentials
- ok: The skill declares no required environment variables or credentials. Optional parameters (apiKey, mnemonic) are present in LendaSwap SDK config but are optional and plausible for non-custodial swap persistence or API access. There is no request for unrelated secrets (AWS keys, SSH keys, etc.).
- Persistence & Privilege
- note: The skill persists private keys and swap state to ~/.arkade-wallet/config.json and lendaswap.db; the CLI sets file perms (0600) on the config file. This is expected for a wallet but is high-impact: a local private key is created/used and the skill will perform transactions if invoked. The skill does not require always:true and doesn't modify other skills or system-wide settings.
