Openclaw Send Skill
Verdict: Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill is transparent about automating ETH transfers, but it gives the agent hot-wallet signing authority and relies on unpinned runtime npm tooling, so it should be reviewed carefully before use.
Use this only with a fresh temporary hot wallet and only the amount you are willing to put at risk. Prefer the manual Ceaser flow for better privacy, verify the ceaser-mcp package/version before running, inspect the unsigned transaction details before signing, and clear local pending transaction files and mnemonic environment variables afterward.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the unsigned transaction source is wrong, stale, or tampered with, the agent could spend the hot wallet's funded ETH in an unintended transaction.
The helper signs and broadcasts whatever unsigned transaction it accepts after only checking chainId and address format; it does not visibly bind the transaction to the Ceaser contract, expected method, amount, or recipient.
const tx = { to: unsignedTx.to, data: unsignedTx.data, value: BigInt(unsignedTx.value), chainId: BASE_CHAIN_ID, ... }; const txResponse = await wallet.sendTransaction(tx);
Require explicit user review of the transaction details immediately before signing, and enforce code-level checks for the expected Ceaser contract address, method, value, and chain.
A changed or compromised npm package could affect the transaction flow used to handle real ETH.
The MCP server configuration runs ceaser-mcp by package name through npx without a pinned version or integrity reference, and the provided package files do not include ceaser-mcp as a locked dependency.
"command": "npx", "args": ["-y", "ceaser-mcp"]
Pin ceaser-mcp to a reviewed version, include it in a lockfile or install spec with integrity metadata, and avoid automatic latest-package execution for financial operations.
Anyone who sees or captures the mnemonic can control the hot wallet and any ETH left in it.
The helper uses a BIP-39 mnemonic from an environment variable to control the hot wallet that the user funds. This is expected for the stated purpose, but it is sensitive wallet authority.
const raw = process.env.CEASER_HOT_MNEMONIC; ... return ethers.HDNodeWallet.fromMnemonic(mnemonic);
Use a fresh hot wallet only for the intended transfer amount, avoid logging or reusing the mnemonic, and clear the environment variable after the operation.
A stale or modified local pending transaction file could be reused and signed unexpectedly.
The helper automatically trusts a persistent pending transaction file in the user's home directory as input for signing, without visible session binding or freshness checks.
const DEFAULT_PENDING_TX = path.join(os.homedir(), '.ceaser-mcp', 'pending-tx.json'); ... unsignedTx = JSON.parse(fs.readFileSync(txFilePath, 'utf8'));
Clear pending transaction files before each run, bind pending transactions to the current session, and confirm transaction contents before signing.
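The first and last findings above both ask for a policy gate in front of wallet.sendTransaction: bind the pending transaction to the expected contract, method, value and chain, and to the current session and a freshness window. The following is an added example of such a gate, written for this review and not taken from the skill or from ClawScan; the contract address, method selector, value cap, and sample pending-tx entry are constructed placeholders, and the session/timestamp fields are assumed additions to the pending file.

```javascript
// Added example (not the skill's own code): pre-signing policy check for the
// unsigned transaction read from pending-tx.json. Every constant below is a
// constructed placeholder; replace with the reviewed Ceaser contract details.
const POLICY = {
  chainId: 8453,                                              // Base mainnet
  contract: '0x1111111111111111111111111111111111111111',     // placeholder contract
  methodSelector: '0xdeadbeef',                               // placeholder 4-byte selector
  maxValueWei: 10n ** 16n,                                    // cap: 0.01 ETH per transfer
  maxAgeMs: 5 * 60 * 1000,                                    // reject pending files older than 5 min
};

// Returns { ok, errors }; the caller must refuse to sign unless ok is true.
function validateUnsignedTx(unsignedTx, sessionId, policy = POLICY, now = Date.now()) {
  const errors = [];
  if (Number(unsignedTx.chainId) !== policy.chainId)
    errors.push(`chainId ${unsignedTx.chainId} != expected ${policy.chainId}`);
  if (typeof unsignedTx.to !== 'string' ||
      unsignedTx.to.toLowerCase() !== policy.contract.toLowerCase())
    errors.push(`recipient ${unsignedTx.to} is not the expected contract`);
  const data = String(unsignedTx.data || '');
  if (!/^0x[0-9a-fA-F]*$/.test(data) ||
      data.slice(0, 10).toLowerCase() !== policy.methodSelector)
    errors.push(`calldata selector ${data.slice(0, 10)} != expected ${policy.methodSelector}`);
  let value = null;
  try { value = BigInt(unsignedTx.value); } catch { /* non-numeric value */ }
  if (value === null || value < 0n || value > policy.maxValueWei)
    errors.push(`value ${unsignedTx.value} outside 0..${policy.maxValueWei} wei`);
  // Session binding and freshness (assumed fields written by the same run that created the file).
  if (unsignedTx.sessionId !== sessionId)
    errors.push('pending tx is not bound to the current session');
  const age = now - Number(unsignedTx.createdAt);
  if (!Number.isFinite(age) || age < 0 || age > policy.maxAgeMs)
    errors.push('pending tx is missing a timestamp or is stale');
  return { ok: errors.length === 0, errors };
}

// Constructed sample of a fresh, well-formed pending-tx.json entry.
const SAMPLE_TX = {
  chainId: 8453,
  to: '0x1111111111111111111111111111111111111111',
  data: '0xdeadbeef' + '00'.repeat(64),
  value: '5000000000000000',          // 0.005 ETH, under the cap
  sessionId: 'sess-abc',
  createdAt: 1700000000000,
};
```

The check is meant to run immediately after the file is parsed and before the user confirmation step, so a stale or swapped file is rejected before anyone is asked to approve it.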
