← 返回 Skills 市场
harrylabsj

Wallet Safety Checkup

作者 haidong · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
72
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install wallet-safety-checkup
功能描述
A practical security review skill that checks wallet and backup habits for obvious weak points. Use when the user wants to audit their crypto security setup....
安全使用建议
This skill is suspicious because its code tries to read a hard-coded path in a user's home directory (/Users/jianghaidong/.openclaw/skills/{skill_name}/SKILL.md), which is unrelated to the described self-report wallet audit. Before installing or enabling it, ask the publisher why the handler needs to read that path (and why it's hard-coded to a specific home). Prefer a version that: (1) does not perform any filesystem reads, or (2) reads only its own packaged SKILL.md via a relative path or bundled resource, and (3) documents exactly what data it accesses. If you must run it, run it in a constrained/sandboxed environment and do not give it access to sensitive files. If you cannot get a clear explanation, avoid installing or enabling the skill.
功能分析
Type: OpenClaw Skill Name: wallet-safety-checkup Version: 1.0.0 The skill contains a hardcoded absolute file path in handler.py (/Users/jianghaidong/.openclaw/skills/) used for file operations, which is a security risk (potential path traversal or information disclosure) and indicates the code is not designed for portable or secure execution. While the SKILL.md instructions describe a benign crypto security audit based on self-reporting, the combination of sensitive subject matter and poor path handling practices is concerning.
能力标签
cryptorequires-walletrequires-sensitive-credentials
能力评估
Purpose & Capability
The skill claims to be a chat-driven, self-report wallet audit. Nothing in that description justifies reading files from a user's home directory. handler.py reads /Users/jianghaidong/.openclaw/skills/{skill_name}/SKILL.md via an absolute, hard-coded path, which is disproportionate and unrelated to the described purpose.
Instruction Scope
SKILL.md explicitly says 'self-report only' and 'No real-time scanning or forensic validation.' The runtime code contradicts this by performing filesystem access to a specific local path. The instructions do not mention reading local files or other system state, so the code expands scope unexpectedly.
Install Mechanism
No install spec is provided (instruction-only), which is low risk. There are two small code files bundled, but no installation or external downloads are requested.
Credentials
The skill declares no required environment variables or credentials (appropriate for a self-report tool). However, the code accesses a hard-coded path in a specific user's home directory; while not a credential, this filesystem access may allow reading local files if the handler is executed.
Persistence & Privilege
always is false and normal autonomous invocation is allowed. The skill does not request persistent privileges or modification of other skills. The main concern is the file access behavior combined with the ability to invoke the handler, not a persistent privilege flag.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install wallet-safety-checkup
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /wallet-safety-checkup 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of wallet-safety-checkup skill. - Provides a guided security review of wallet and backup habits. - Assesses key areas: seed phrase handling, backups, passwords, 2FA, device security, and phishing awareness. - Scores results using green/yellow/red for quick assessment. - Highlights top recoverability and theft risks, with prioritized recommended actions. - Delivers a concise, actionable monthly self-check routine.
元数据
Slug wallet-safety-checkup
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Wallet Safety Checkup 是什么?

A practical security review skill that checks wallet and backup habits for obvious weak points. Use when the user wants to audit their crypto security setup.... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 72 次。

如何安装 Wallet Safety Checkup?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install wallet-safety-checkup」即可一键安装,无需额外配置。

Wallet Safety Checkup 是免费的吗?

是的,Wallet Safety Checkup 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Wallet Safety Checkup 支持哪些平台?

Wallet Safety Checkup 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Wallet Safety Checkup?

由 haidong(@harrylabsj)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 留言讨论