← Back to Skills Marketplace
72
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install wallet-safety-checkup
Description
A practical security review skill that checks wallet and backup habits for obvious weak points. Use when the user wants to audit their crypto security setup....
Usage Guidance
This skill is suspicious because its code tries to read a hard-coded path in a user's home directory (/Users/jianghaidong/.openclaw/skills/{skill_name}/SKILL.md), which is unrelated to the described self-report wallet audit. Before installing or enabling it, ask the publisher why the handler needs to read that path (and why it's hard-coded to a specific home). Prefer a version that: (1) does not perform any filesystem reads, or (2) reads only its own packaged SKILL.md via a relative path or bundled resource, and (3) documents exactly what data it accesses. If you must run it, run it in a constrained/sandboxed environment and do not give it access to sensitive files. If you cannot get a clear explanation, avoid installing or enabling the skill.
Capability Analysis
Type: OpenClaw Skill
Name: wallet-safety-checkup
Version: 1.0.0
The skill contains a hardcoded absolute file path in handler.py (/Users/jianghaidong/.openclaw/skills/) used for file operations, which is a security risk (potential path traversal or information disclosure) and indicates the code is not designed for portable or secure execution. While the SKILL.md instructions describe a benign crypto security audit based on self-reporting, the combination of sensitive subject matter and poor path handling practices is concerning.
Capability Tags
Capability Assessment
Purpose & Capability
The skill claims to be a chat-driven, self-report wallet audit. Nothing in that description justifies reading files from a user's home directory. handler.py reads /Users/jianghaidong/.openclaw/skills/{skill_name}/SKILL.md via an absolute, hard-coded path, which is disproportionate and unrelated to the described purpose.
Instruction Scope
SKILL.md explicitly says 'self-report only' and 'No real-time scanning or forensic validation.' The runtime code contradicts this by performing filesystem access to a specific local path. The instructions do not mention reading local files or other system state, so the code expands scope unexpectedly.
Install Mechanism
No install spec is provided (instruction-only), which is low risk. There are two small code files bundled, but no installation or external downloads are requested.
Credentials
The skill declares no required environment variables or credentials (appropriate for a self-report tool). However, the code accesses a hard-coded path in a specific user's home directory; while not a credential, this filesystem access may allow reading local files if the handler is executed.
Persistence & Privilege
always is false and normal autonomous invocation is allowed. The skill does not request persistent privileges or modification of other skills. The main concern is the file access behavior combined with the ability to invoke the handler, not a persistent privilege flag.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install wallet-safety-checkup - After installation, invoke the skill by name or use
/wallet-safety-checkup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of wallet-safety-checkup skill.
- Provides a guided security review of wallet and backup habits.
- Assesses key areas: seed phrase handling, backups, passwords, 2FA, device security, and phishing awareness.
- Scores results using green/yellow/red for quick assessment.
- Highlights top recoverability and theft risks, with prioritized recommended actions.
- Delivers a concise, actionable monthly self-check routine.
Metadata
Frequently Asked Questions
What is Wallet Safety Checkup?
A practical security review skill that checks wallet and backup habits for obvious weak points. Use when the user wants to audit their crypto security setup.... It is an AI Agent Skill for Claude Code / OpenClaw, with 72 downloads so far.
How do I install Wallet Safety Checkup?
Run "/install wallet-safety-checkup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Wallet Safety Checkup free?
Yes, Wallet Safety Checkup is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Wallet Safety Checkup support?
Wallet Safety Checkup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Wallet Safety Checkup?
It is built and maintained by haidong (@harrylabsj); the current version is v1.0.0.
More Skills