OpenFunderse Participant
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This blockchain bot is mostly disclosed, but it handles a wallet private key and can submit or move funds through npm-fetched runtime code, persistent configuration changes, and daemon behavior broader than its allocation-only description.
Treat this as a high-impact blockchain automation skill. Before installing, review the npm package source, use only a fresh dedicated low-value participant wallet, keep explicit-submit protections enabled, avoid daemon/auto-submit until tested, prefer HTTPS trusted relayers, and consider disabling global OpenClaw env sync and gateway restart during setup.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may grant the skill authority to move or redeem funds, not just validate or submit allocation claims.
The advertised command surface includes vault fund-movement operations even though the stated role is allocation-claim-only; the submit variants are high-impact blockchain actions.
Participant role proposes and validates `AllocationClaimV1` only. ... /deposit --amount <wei> ... [--submit] ... /withdraw --amount <wei> ... [--submit] ... /redeem --shares <wei> ... [--submit]
Install only if these vault actions are intended, use a dedicated low-value wallet, and require explicit review before any submitted transaction.
If the key is over-funded, reused, mishandled, or exposed, funds and on-chain permissions could be lost or abused.
The skill requires a private signing key that can authorize blockchain actions; combined with submit and vault commands, this is high-impact delegated authority.
`PARTICIPANT_PRIVATE_KEY` is highly sensitive. Use a dedicated wallet key for this bot; never reuse treasury/admin keys.
Use a new dedicated participant wallet with minimal funds and permissions, never use treasury/admin keys, and verify how the runtime stores and uses the private key before production use.
The clean static scan does not evaluate the code that will actually install or run the bot, so users cannot assess key handling or transaction logic from these artifacts alone.
The skill depends on npm-fetched code that is not included in the supplied artifacts; this runtime would handle sensitive wallet and transaction behavior.
Installing via `npx @wiimdy/openfunderse@2.0.0 ...` executes code fetched from npm. Prefer pinning a known version (as shown) and reviewing the package source before running in production.
Review the npm package source and integrity, pin the exact version, and test in a disposable environment before supplying any real private key.
Other skills may see changed environment values or be interrupted by a gateway restart, and sensitive bot credentials may persist in shared runtime configuration.
The skill's default setup can change global OpenClaw configuration and restart the gateway, allowing one setup action to affect unrelated skills or sessions.
By default, `install` and `bot-init` also sync env vars into `~/.openclaw/openclaw.json` and `bot-init` runs `openclaw gateway restart`. This mutates global OpenClaw runtime state and can affect other skills.
Back up OpenClaw config first, consider `--no-sync-openclaw-env` and `--no-restart-openclaw-gateway`, and verify the final environment values after setup.
A daemon could keep making or submitting allocation actions beyond a single user request if configured unsafely.
The skill exposes a long-running daemon mode that can operate on an interval and optionally submit actions; the provided artifact does not clearly define containment, stop conditions, or transaction limits.
/participant_daemon --fund-id <id> --strategy <A|B|C> [--interval-sec <n>] [--epoch-source <relayer|fixed>] [--epoch-id <n>] [--submit]
Run daemon mode only with explicit supervision, conservative intervals, clear stop procedures, and submit disabled unless continuous submission is truly intended.
Misconfigured relayer hosts or HTTP transport could expose signed requests or route actions through an unintended endpoint.
The skill communicates with an external relayer and includes host trust and HTTP allowance configuration, which are expected for this integration but important to configure safely.
This skill authenticates relayer write APIs with an EIP-191 message signature ... RELAYER_URL ... PARTICIPANT_TRUSTED_RELAYER_HOSTS ... PARTICIPANT_ALLOW_HTTP_RELAYER
Use HTTPS relayers, restrict trusted hosts tightly, and leave HTTP relayer allowance disabled unless testing in a controlled local environment.