Manage your Kite AI smart wallet securely with natural language Telegram commands for wallet creation, balance checks, sessions, limits, and transactions.

What to consider before installing or running this skill: - Origin & trust: The skill's source is listed as unknown. Prefer code from an identified, trusted repository/author. If you don't know the author, treat the package as untrusted. - Secret handling: The bot requires a private key and a Telegram token. Do NOT use a real/mainnet/private key. Use an empty/test wallet with minimal funds. Keep secrets out of repository commits — remove or gitignore your .env before pushing. GITHUB-SETUP.md includes push instructions; follow them only after scrubbing secrets. - Env name mismatch: The two JS files expect different env var names (telegram-bot.js expects PRIVATE_KEY and TELEGRAM_BOT_TOKEN; kite-wallet.js looks for KITE_WALLET_PRIVATE_KEY). Confirm which entrypoint you run and set the correct variables. Fix the code or env names before deploying to reduce confusion. - Logging & leakage: The bot prints the wallet address to stdout. If you run this on a shared machine or CI, logs could leak sensitive info. Run in an isolated environment (local machine or container) and avoid log aggregation that might capture secrets. - Test first: Run against the Kite testnet with a throwaway key and small test funds. Verify contract addresses on the provided explorer (testnet.kitescan.ai) and confirm factory behavior before using any valuable funds. - Code audit suggestions: Inspect/patch to (1) unify env variable names; (2) avoid printing private-related info to logs; (3) ensure input validation of Telegram commands and addresses; (4) ensure userId is correctly mapped to an Ethereum address (current code passes Telegram numeric userId where an address is expected, which looks like a bug). - Safer alternatives: If you need stronger security, sign transactions offline or use a hardware wallet / dedicated signing service rather than placing a raw private key in a .env file. If you want, I can produce a short checklist and minimal code edits to reduce the biggest risks (unify env names, stop logging sensitive fields, add warnings before pushing to GitHub).

Type: OpenClaw Skill Name: kite-agent-smart-wallet-permissionless-protocol-v2 Version: 2.0.5 The skill is classified as suspicious primarily due to multiple prompt injection vectors present in the markdown documentation files (`SKILL.md`, `GITHUB-SETUP.md`, `README.md`, `USER-GUIDE.md`, `用户手册.md`). These files contain shell commands (`git clone`, `npm install`, `node telegram-bot.js`, `gh auth login`, `gh repo create --push`) intended for human setup, but which an AI agent could misinterpret and execute, leading to unauthorized actions (e.g., creating GitHub repositories, pushing code). While the JavaScript code (`kite-wallet.js`, `telegram-bot.js`) handles sensitive information (private keys, Telegram bot tokens) necessary for its stated purpose of managing a crypto wallet, it does not show direct evidence of intentional data exfiltration or other malicious behavior. The use of `ethers.js` for blockchain interactions and `https` for Telegram API calls is consistent with the skill's functionality. The `GITHUB-SETUP.md` file is a particularly strong indicator of prompt injection risk due to the `gh auth login` and `gh repo create --push` commands.