Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agentwallet Sdk
v1.1.0Manage on-chain spend limits for AI agents with ERC-6551 wallets, enforcing per-tx and daily token budgets, scoped operator access, and approval queues on Base.
⭐ 0· 490·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
Metadata/description claims spend-limit enforcement, ERC-6551 wallets, scoped operators and approval queues on Base, but the included SKILL.md shows examples for ERC-4337 smart accounts, basic transfers, Uniswap/CCTP operations and x402 payments with no code or prose implementing spend limits, approval queues, or ERC-6551. Version fields disagree (registry 1.1.0, skill.json 1.0.0, SKILL.md references npm v2.4.1). Homepage/source are missing. These inconsistencies mean the skill may not do what it claims.
Instruction Scope
SKILL.md instructs installing an external npm package and shows code that expects a privateKey variable (agent-held secret) and performs payments, swaps and bridging to arbitrary endpoints/chains. There are no concrete safeguards, no declared storage or approval workflow, and no instructions for enforcing per-tx/day budgets even though the top-level description emphasizes them. The instructions therefore give broad discretion to sign and send value without specified guardrails.
Install Mechanism
This is an instruction-only skill (no install spec or code bundled), which is lower static risk, but the SKILL.md explicitly directs 'npm install agentwallet-sdk' — instructing the agent to fetch and run external code at runtime. npm is a well-known host, but the package version in the document differs from other metadata and no source/homepage repository is provided, increasing uncertainty about what will be installed.
Credentials
The skill requests no environment variables or primary credential, yet its example usage requires a private key and blockchain RPC/API access (for payments, bridging, swaps). A wallet SDK that signs transactions typically requires secrets and provider endpoints; their absence from the declared requirements is disproportionate and unexplained. That gap increases the risk of ad-hoc secret handling or insecure prompts at runtime.
Persistence & Privilege
The skill does not request 'always: true' and does not claim to modify other skills or system-wide settings. Autonomous invocation is enabled (platform default), which is expected for an operational SDK, but this combined with the other concerns increases operational risk; by itself the persistence/privilege model is acceptable.
What to consider before installing
Do not install or use this skill in a production agent until the author/source is verified. Ask for: (1) a repository or homepage and signed release artifacts so you can inspect the actual npm package (match package name, version, and author), (2) audited smart contract addresses and the specific on-chain mechanism implementing per-tx/day spend limits and how approvals are enforced, (3) explicit instructions for secure private key handling (recommended: hardware secure enclave or platform-managed secret store) and which environment variables or RPC/API keys are required, and (4) a clear threat model describing what the agent will be allowed to sign/submit automatically. If you must test, run it in an isolated sandbox with no real funds and monitor outbound network calls and filesystem access. If you cannot obtain clear answers and source code, treat the package as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk974abbk2p43kzzfgehcn9bjx981vvhy
License
MIT-0
Free to use, modify, and redistribute. No attribution required.