← Back to Skills Marketplace
manyfestation

kaspa-wallet

by Manyfestation · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1247
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install trial
Description
Send and receive KAS cryptocurrency. Check balances, send payments, generate wallets.
Usage Guidance
This package mostly does what it says (a CLI Kaspa wallet) but contains a few important red flags you should address before use: - Do not run this on a machine that holds real funds until you vet it. The code requires a private key or mnemonic via environment variables; those are sensitive values. - The installer pulls the 'kaspa' package from PyPI with no version pin. Verify the 'kaspa' package on PyPI (author, downloads, homepage) and prefer a pinned, audited dependency. Consider running install in an isolated VM or container. - The registry metadata omits the required env vars; that mismatch is suspicious—assume the skill requires a wallet secret and treat it accordingly. - Review the included scripts (install.py and scripts/kaswallet.py) locally. If you can't audit the code, consider using ephemeral testnet keys (KASPA_NETWORK=testnet-10) and fund only a small test balance first. - If you decide to install, run the installer in a sandbox (container/VM), inspect what gets installed into .venv, and avoid storing secrets in shared shells or logs. Prefer hardware wallets or a well-known, audited wallet for real funds. If you want, I can: - fetch and summarize the remainder of scripts/kaswallet.py (the file was truncated in the review input) to look for further surprises, - check the PyPI 'kaspa' package metadata, or - suggest minimal changes to harden the installer (pin deps, add checksum/lockfile, declare env requirements in metadata).
Capability Analysis
Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill Suspicious High-Entropy/Eval files: 3 The OpenClaw AgentSkills skill bundle for the Kaspa Wallet is classified as benign. The code and documentation are clearly aligned with its stated purpose of managing a cryptocurrency wallet. It handles sensitive information (private keys, mnemonics) via environment variables, which is a standard practice for CLI tools, and explicitly warns against exposing them. The installation script (`install.py`) uses standard Python virtual environment and `pip` commands to install the `kaspa` SDK from PyPI. The main script (`kaswallet.sh`) and Python logic (`scripts/kaswallet.py`) perform expected wallet operations like checking balances, sending funds, and generating mnemonics, all interacting with the Kaspa RPC network. Crucially, the `SKILL.md` documentation, which is treated as an attack surface, contains no evidence of prompt injection attempts, hidden instructions to exfiltrate data, or directives to perform actions outside the scope of a cryptocurrency wallet. The troubleshooting steps in `SKILL.md` that mention `sudo` are for user-initiated system setup, not for the agent to execute as part of the skill's core functionality.
Capability Assessment
Purpose & Capability
The skill's stated purpose (send/receive KAS) matches the included code (install.py, scripts/kaswallet.py, kaswallet.sh). However the registry metadata claims 'Required env vars: none' while the SKILL.md and the code clearly require a wallet secret (KASPA_PRIVATE_KEY or KASPA_MNEMONIC). This mismatch is an incoherence: anyone installing this wallet must supply secrets, yet the skill metadata does not declare them.
Instruction Scope
The runtime instructions in SKILL.md map directly to the included scripts: set credentials via environment variables, run install.py to create a venv and pip-install the 'kaspa' SDK, and invoke kaswallet.sh. The instructions do not ask the agent to read unrelated files or exfiltrate data. They do instruct agents to rely on env vars for keys (expected for a CLI wallet).
Install Mechanism
There is no registry-level install spec, but the bundle includes an install.py that creates a local .venv and runs pip install -r requirements.txt. requirements.txt contains a single unpinned dependency 'kaspa' (no version). Installing from PyPI without a pinned, audited version is a supply-chain risk (package typosquatting or future malicious updates). The installer performs standard venv creation and pip actions (no obscure download URLs), but the unpinned dependency and lack of provenance for the 'kaspa' package raise concern.
Credentials
The wallet legitimately needs a private key or mnemonic (KASPA_PRIVATE_KEY or KASPA_MNEMONIC) and optionally RPC config. That requirement is present in SKILL.md and in the code (scripts/kaswallet.py). However the skill's declared metadata listed no required env vars or primary credential, which is inconsistent and misleading. Requiring a mnemonic/private key is a high-sensitivity need and should be clearly declared. The code claims it does not store credentials to disk (installer and scripts don't write secrets), which aligns with expectations.
Persistence & Privilege
The skill does not request elevated persistence: always:false, no system-wide changes, and installer only creates a .venv inside the skill directory. It does not modify other skills or system agent settings. The skill can be invoked autonomously by the agent (platform default), which increases blast radius if malicious, but that is not combined here with other definitive red flags.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install trial
  3. After installation, invoke the skill by name or use /trial
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Kaspa Wallet 1.0.0 initial release - Standalone CLI wallet for Kaspa: send, receive, check balances, generate wallets. - All major functionality documented, including error handling and command output formats. - Supports wallet seed/key via environment variables for security. - Includes troubleshooting guidance and common workflows. - JSON output for every command enables easy automation and integration.
Metadata
Slug trial
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is kaspa-wallet?

Send and receive KAS cryptocurrency. Check balances, send payments, generate wallets. It is an AI Agent Skill for Claude Code / OpenClaw, with 1247 downloads so far.

How do I install kaspa-wallet?

Run "/install trial" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is kaspa-wallet free?

Yes, kaspa-wallet is completely free (open-source). You can download, install and use it at no cost.

Which platforms does kaspa-wallet support?

kaspa-wallet is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created kaspa-wallet?

It is built and maintained by Manyfestation (@manyfestation); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments