Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Autonomous Wallet

v1.0.0

Self-healing crypto wallet for AI agents with intent-based execution and social recovery

by Justin Liu (@zhenstaff)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires wallet · Can make purchases · Can sign transactions
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (autonomous crypto wallet) match the runtime needs declared in SKILL.md (PRIVATE_KEY or MNEMONIC, RPC_URL, node/npm, installing an npm package). However, the registry metadata states 'Required env vars: none' and 'Required binaries: none', which contradicts the skill's own SKILL.md, where environment secrets and node/npm are listed as required. SKILL.md also claims a 'verified repository', but the maintainer/org names differ between places (ZhenRobotics vs ZhenStaff), which is an integrity/credibility mismatch.
Instruction Scope
The instructions are focused on wallet actions (init, import, execute intents, social recovery) which fit the stated purpose. But they explicitly instruct users to provide highly sensitive secrets (PRIVATE_KEY or MNEMONIC) as environment variables or import them, and to grant the skill authority to turn natural-language intents into on-chain transactions. That gives the agent broad ability to move funds if invoked. The SKILL.md does not direct reading unrelated system files, but the scope (autonomous transaction execution) is intrinsically high-risk and requires strong guardrails which are not detailed here.
Install Mechanism
This is an instruction-only skill (no install spec in the registry), but the SKILL.md instructs the user to globally install an npm package (openclaw-autonomous-wallet). Installing an npm package is a moderate-risk action because packages can contain arbitrary code; the SKILL.md points to a GitHub repo (claimed verified) but the registry metadata lacks an install spec and the org/maintainer names are inconsistent. Verify the package source and audit code before installing.
Credentials
Requested environment variables (PRIVATE_KEY, MNEMONIC, RPC_URL, NETWORK, ETHERSCAN_API_KEY) are consistent with a wallet's needs — they are not unrelated credentials. That said, PRIVATE_KEY and MNEMONIC are extremely sensitive. The SKILL.md encourages storing them in env vars or importing them, which is a common but risky pattern unless done in a secure, ephemeral environment (or via hardware wallet).
Persistence & Privilege
The skill is not 'always:true' and is user-invocable, but model invocation is enabled (default). That means an agent could autonomously call into the wallet logic to execute intents. Combining autonomous invocation with access to private keys/mnemonic materially increases risk — if the npm package or runtime behavior is malicious or buggy, funds could be moved without clear, auditable human approval. The skill does not provide strong, explicit runtime guardrails in the SKILL.md (e.g., mandatory manual approval, signing threshold enforcement at runtime).
What to consider before installing
Do not install or hand over keys until you verify the package and repository. Steps to consider before using:
1) Confirm the npm package (openclaw-autonomous-wallet) exists on npm and the GitHub repo is legitimate and matches the maintainer listed in the registry; inspect recent commits, open issues, and contributors.
2) Audit the package source code (especially any code that handles PRIVATE_KEY/MNEMONIC, remote endpoints, or executes commands).
3) Prefer hardware-wallet integration or ephemeral signing (avoid exporting your long-term private key as an environment variable).
4) Test thoroughly on a testnet with small funds and enable any available simulation/safety flags.
5) If you must use autonomous execution, require explicit human approval for transfers above a safe threshold or require multisig/hardware signing.
6) Be wary of mismatched maintainer/org names (ZhenRobotics vs ZhenStaff) and undocumented docs/links; resolve these inconsistencies with the package maintainer before trusting the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk9790tnx2ah413jdnp7s8sc3fd82r78w
