AgentWallet

Secure multi-chain wallet for AI agents. Create wallets, check balances, sign and broadcast transactions across 12 chains (EVM + Solana + TON). Private keys...

This skill could be legitimate, but there are several red flags you should address before installing or using it with real funds: 1) The runtime docs reference AGENTWALLET_TOKEN (a sensitive session token) but the registry metadata does not declare it as a required/primary credential — ask the publisher to explicitly declare and justify AGENTWALLET_TOKEN and AGENTWALLET_PASSWORD, and mark the token as sensitive/primary. 2) The install uses an npm package named `agentwallet` with no pinned version, no verified repository, and a placeholder repo URL — verify the package author, repository, release tags, and checksum (or prefer installing a vetted binary). 3) Review the package source code (or request an audit) before running it, and test in an isolated environment or ephemeral VM with no real funds. 4) Prefer short-lived session tokens, enable and verify the TTY-gating behavior for export/mnemonic, and avoid exporting secrets to other processes. 5) If you proceed, require the publisher to provide a proper homepage/repository, pinned version, and clear primaryEnv metadata (AGENTWALLET_TOKEN) — until then treat this skill as untrusted for managing real private keys.

Type: OpenClaw Skill Name: phlegon-agentwallet Version: 1.0.0 The skill bundle provides an interface for a crypto wallet CLI (agentwallet) with high-risk capabilities, including multi-chain transaction signing and fund transfers across 12 blockchains. While SKILL.md includes defensive instructions for the AI agent (e.g., session locking and blocking key exports), the metadata in _meta.json contains a future-dated timestamp (2026) and SKILL.md references a placeholder repository URL (github.com/user/agentwallet). These indicators, combined with the inherent risks of automated asset management, warrant a suspicious classification.