Monero Wallet
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This Monero wallet skill is coherent and mostly local, but it enables irreversible payments and tells agents to pay external 402 payment challenges without clear user confirmation or spending limits.
Install only if you trust the Ripley Gateway stack and are comfortable giving the agent access to a spending-capable Monero wallet. Use a small hot wallet, require manual confirmation for every outgoing payment, verify any 402 challenge domain/address/amount, and inspect or pin the external Docker components before use.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or compromised website could potentially induce the agent to spend wallet funds through a 402 challenge.
An untrusted external HTTP response can supply the payment destination, amount, and nonce, and the skill makes that response authoritative by instructing the agent to pay.
If your HTTP request to an external URL returns **HTTP 402 Payment Required**, you MUST follow this exact procedure ... Step 2: Pay the Invoice
Require explicit user confirmation before every payment, show the domain, address, amount, and nonce, and restrict automatic XMR402 handling to trusted services and capped amounts.
If the agent or a prompt is mistaken or manipulated, funds could be sent irreversibly to the wrong destination.
The included helper can initiate outgoing wallet transfers to arbitrary supplied addresses and amounts, but the artifacts do not require approval, spending limits, dry-run review, or reversibility.
def transfer(address, amount_xmr, api_key=None): ... api_call("transfer", method="POST", data={"address": address, "amount_xmr": float(amount_xmr)})
Add mandatory confirmation for outgoing transfers, enforce maximum transaction amounts, and require a user-specified destination for non-402 payments.
Anyone or any process with access to the key may be able to query or spend from the connected wallet through the gateway.
The gateway API key authenticates wallet operations. Localhost hardcoding is a useful containment measure, but the key still represents authority over wallet functions.
GATEWAY_URL = "http://127.0.0.1:38084" ... headers = {"X-API-KEY": resolved_key, "Content-Type": "application/json"}
Use a limited hot wallet, prefer environment-variable injection over command-line key passing, rotate the key if exposed, and scope gateway permissions if supported.
The security of the wallet depends on external images and setup steps outside this skill package.
The runtime gateway, node, and wallet RPC components are obtained through external Docker setup instructions that are not pinned or reviewed in the supplied artifacts.
Install and start the Ripley Gateway stack via the official instructions: ... This will pull the necessary Docker images
Inspect the gateway repository and Docker images, pin trusted versions, and run the stack in an isolated environment.
Wallet-related services may keep running after a task is complete and remain available on the local machine.
The skill relies on long-running local services. This is disclosed and purpose-aligned, but it is persistent wallet infrastructure outside the skill file itself.
Ensure `ripley-xmr-gateway`, `monero-wallet-rpc`, and `monero-node` are active: docker ps
Stop the Docker stack when not needed, keep it bound to localhost, and restrict access to the gateway API key.
