Trust Assessment
clawdwallet received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include Unpinned Git Repository Clone, Unpinned NPM Dependencies, Handling of Master Wallet Mnemonic.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Handling of Master Wallet Mnemonic The `init_wallet` command explicitly requires the agent to provide a full mnemonic phrase. This mnemonic is a master secret that grants complete control over all funds in the associated wallet across multiple chains. If the agent's environment is compromised, or if the skill's internal handling of this mnemonic is vulnerable (e.g., logging, improper storage), it could lead to the complete loss of all user funds. While necessary for wallet initialization, this operation carries extreme risk. Implement robust security measures for handling mnemonics. This includes: 1) Ensuring the agent's environment is highly secure and isolated. 2) Using hardware security modules (HSMs) or secure enclaves for mnemonic storage and signing if possible. 3) Never logging mnemonics. 4) Encouraging users to use dedicated, low-value wallets for agent operations. 5) Exploring alternative initialization methods that do not expose the full mnemonic directly to the agent's runtime memory, such as encrypted key files or secure input mechanisms. | LLM | SKILL.md:29 | |
| CRITICAL | Excessive Permissions: Direct Financial Control The `sign_and_respond` command grants the agent the ability to approve and sign arbitrary blockchain transactions. This provides the agent with direct and complete control over financial assets across all supported chains (EVM, UTXO, Cosmos, Solana, etc.). A compromised agent, or a successful prompt injection attack against the agent, could lead to unauthorized and irreversible transfer of funds, resulting in significant financial loss. Implement strict access controls and approval workflows. Consider: 1) Requiring multi-factor authentication or human confirmation for high-value transactions. 2) Implementing spending limits or whitelists for addresses. 3) Providing clear, human-readable transaction details to the agent for review before signing. 4) Isolating the agent's environment to minimize the risk of compromise. 5) Educating users on the critical risks associated with granting an AI agent direct financial control. | LLM | SKILL.md:37 | |
| HIGH | Unpinned Git Repository Clone The skill instructs users to clone a GitHub repository (`https://github.com/NeOMakinG/clawdwallet.git`) without specifying a commit hash, tag, or branch. This means that future installations could pull different code if the repository owner makes changes, potentially introducing new vulnerabilities or malicious code without explicit user awareness or consent. Pin the `git clone` command to a specific commit hash or a signed tag to ensure deterministic and verifiable code retrieval. For example: `git clone https://github.com/NeOMakinG/clawdwallet.git clawdwallet && cd clawdwallet && git checkout <commit_hash>`. | LLM | SKILL.md:10 | |
| HIGH | Unpinned NPM Dependencies The skill instructs to run `npm install` without providing a `package-lock.json` or `yarn.lock` file. This allows the package manager to fetch the latest compatible versions of dependencies, which can change over time. This introduces a supply chain risk, as a malicious update to any dependency could compromise the skill without explicit user action. Include a `package-lock.json` or `yarn.lock` file in the repository to ensure that dependency versions are pinned and deterministic across installations. This helps mitigate risks from malicious or vulnerable dependency updates. | LLM | SKILL.md:12 |
Scan History
Embed Code
[](https://skillshield.io/report/5fec67da35fbc05d)
Powered by SkillShield