Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

wallet

v0.1.18

A multi-chain wallet skill for AI agents, with local sandbox signing, secure PIN handling, and configurable risk controls.

by Will Jefferson @willjefferson0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires wallet · Can sign transactions · Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, and runtime instructions align: this is a local sandbox wallet that needs a sandbox URL and bearer token (CLAY_SANDBOX_URL and CLAY_AGENT_TOKEN). The skill reads local config files (.env.clay and identity.json) and starts/stops a local sandbox binary; those abilities are appropriate for a wallet skill.
Instruction Scope
SKILL.md and wrapper scripts direct the agent to read skills/claw-wallet-test/.env.clay and identity.json for CLAY_SANDBOX_URL and the bearer token, and to call local sandbox endpoints (e.g. /api/v1/wallet/init). That is expected. However the instructions also explicitly tell the agent to fetch and run a remote installer (curl -fsSL https://test.clawwallet.cc/skills/install.sh | bash) and to download remote binaries to the local workspace — actions that go beyond simple local control and grant the remote host the ability to execute code on the machine.
Install Mechanism
There is no packaged install from a well-known release host: the published install flow uses curl | bash against https://test.clawwallet.cc/skills and downloads platform binaries from the same test host. This is a high-risk pattern because it executes remote script content and a remote binary with no built-in provenance (no checksum verification shown). The distribution host is a test/dev host (test.clawwallet.cc) rather than a widely-known release channel; that increases risk and should be reviewed before execution.
Credentials
Requested credentials (CLAY_SANDBOX_URL and CLAY_AGENT_TOKEN / AGENT_TOKEN) are consistent with a local sandbox wallet: the bearer token is required to call protected sandbox APIs and to initialize the wallet. The skill expects local config files containing those values. Minor inconsistency: AGENT_TOKEN is present as a legacy alias and is variably marked required in metadata — confirm which variable will actually be used. Users should treat CLAY_AGENT_TOKEN as a high-sensitivity secret because possession lets the caller perform wallet operations (signing, transactions) through the sandbox.
Persistence & Privilege
always:false is set and modelInvocation is configured to require user confirmation for sensitive operations. The skill requests persistent workspace writes but scopes them to skills/claw-wallet-test/** and documents confirmation for reinstall/upgrade/uninstall/transactions. It also runs/starts a long-lived local sandbox process, which is reasonable for a local wallet sandbox.
What to consider before installing
This skill appears to be a legitimate local wallet sandbox, but exercise caution before installing. Key points:
- The installer uses 'curl ... | bash' and downloads an executable from https://test.clawwallet.cc; this executes remote code and is high risk. Review the remote install script and binary provenance (signatures/checksums) before running. Prefer official release channels (GitHub releases or a known vendor host) where possible.
- The CLAY_AGENT_TOKEN (and AGENT_TOKEN alias) is a bearer token that grants sandbox API access; treat it like a private key/password. If an attacker gets it they can instruct the sandbox to sign transactions. Only provide tokens you trust and understand the token's scope.
- The installer will write persistent wallet files into skills/claw-wallet-test (including .env.clay and identity.json). Back up any important data first and do installs in an isolated environment or VM if possible.
- Confirm the distribution host (test.clawwallet.cc) is the expected, official host for this skill. The SKILL.md references a dev/test environment; that may imply the package is not a production release.
- Before running, open the remote install URL in a browser or fetch it and inspect it locally instead of piping it directly to the shell. Verify the binary you download (consider checking hashes or signatures). If you cannot verify the distributor or do not want to run remote binaries from that host, consider declining installation or requesting a vetted release build from the vendor.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97fyxke61tm4zw8p095yjstad84cj6p

Runtime requirements

OS: macOS · Linux · Windows
Any bin: bash, sh, pwsh, powershell, curl
Env: CLAY_SANDBOX_URL, CLAY_AGENT_TOKEN, AGENT_TOKEN
Primary env: CLAY_AGENT_TOKEN

Environment variables
CLAY_SANDBOX_URL (required): Base URL for the local Claw Wallet sandbox HTTP server.
CLAY_AGENT_TOKEN (required): Primary bearer token used for authenticated sandbox API calls.
AGENT_TOKEN (optional): Legacy alias for the same sandbox bearer token.
