Skill for managing EVM wallets, transactions, and network helpers via cast; covers onboarding, checks, and operating procedures.
Security Analysis
Confidence: high
The skill generally does what it claims (manage EVM wallets via cast), but its declared metadata, runtime instructions, and scripts mismatch in important ways, and it performs system installs and local secret handling that you should not run without review.
The skill's name/description (cast-based EVM wallet helper) matches the scripts' behavior, but the registry metadata declares no required binaries/env, yet the scripts require and invoke cast/foundry, curl, python3, and optionally at/sudo. That discrepancy (declared requirements: none; actual scripts: many) is incoherent, and those requirements should have been declared.
SKILL.md instructs the agent to run the included scripts automatically (e.g., run check_wallet each session and run the onboarding scripts). The scripts prompt for sensitive input (mnemonic/private key/password), write it to disk, and run remote installers. SKILL.md also promises an auto-delete fallback for mnemonics (a background sleep), but the implementation only schedules deletion via 'at' (and attempts to apt-get install it), so the actual behavior does not fully match the instructions. The agent guidance to 'always run check_wallet automatically' grants the skill broad, repeated filesystem and network activity without explicit user consent per run.
There is no formal install spec in the registry, but the scripts themselves install Foundry by piping a remote install script (curl -L https://foundry.paradigm.xyz | bash). Download-and-execute of an external installer without verification is high-risk. The scripts also attempt to install the 'at' package via apt/sudo if missing, which can modify the host system.
The skill declares no required environment/credentials, yet it collects highly sensitive secrets interactively (mnemonic/private key/password) and stores them in plaintext files under ~/.agent-wallet (mnemonic file, pw.txt, keystore copy, temporary private key file). It also manipulates workspace-level files when removing a wallet (attempts to remove mentions from a logs/tx_mentions.log located relative to the workspace), which reaches outside the skill's own data directory and is disproportionate for a helper.
The skill writes persistent files to ${HOME}/.agent-wallet and to Foundry's keystore directory and may modify PATH for the session. It does not set always:true, which is appropriate, but it will perform privileged changes (installing packages via sudo/apt) and touches workspace logs when removing a wallet. Those behaviors grant it more system reach than a minimal CLI helper and should be considered sensitive.
Guidance
This skill is functionally coherent with a cast-based wallet helper, but there are multiple red flags you should consider before installing or running it:
- The registry claims no external requirements, yet the scripts require cast/foundry, curl, python3 and optionally at/sudo. Ask the author why the metadata is incomplete. Do not rely on the skill's declared requirements.
- The onboarding scripts will prompt you for your mnemonic/private key and a keystore password, then save those to files in ~/.agent-wallet/pw.txt and temporary mnemonic files. These are stored in plaintext and only scheduled for deletion via 'at' (which the script may try to install). Do NOT paste real seed phrases/private keys into this tool unless you fully trust the code and runtime environment.
- The installer uses curl | bash to fetch Foundry from foundry.paradigm.xyz: this executes remote code. If you decide to run it, review that installer first (do not pipe to shell blindly) or install Foundry manually from a verified source.
- The remove script edits a workspace-level logs file to remove mentions of your address. That accesses files outside the skill's own directory and could modify unrelated artifacts. Review file paths and backups before running removal.
- If you want to proceed safely: (1) inspect the scripts locally and run them in an isolated VM or container, (2) install Foundry/cast manually from official sources rather than allowing the script to curl|bash, (3) prefer hardware wallets or only use ephemeral test accounts (never mainnet funds) while evaluating, and (4) consider copying the scripts and adapting them to avoid storing secrets in plaintext (or using encrypted keystores only).
If anything is unclear, or if you would like, I can produce a short checklist of the exact commands and lines to review in the scripts before you run them, or produce a hardened run plan (manual install steps, required manual checks) you can follow.
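As an added example (not code from the skill or this registry page), the following shell helper prints the exact lines to review in a skill's scripts before anything is executed, matching the red flags listed above: a remote installer piped to a shell, package installs via sudo/apt, secrets redirected into plaintext files, deletion deferred via 'at', and writes to a workspace log. The onboard.sh it scans is a constructed stand-in written for the demo (never executed), and the function names and pattern list are my own.

```shell
#!/usr/bin/env bash
# Pre-run review helper (added example, not part of the skill): tag every line in a
# script that matches one of the red-flag patterns. Output is file:label:lineno:text.

# "label regex" pairs, one per line (extended regular expressions).
review_patterns() {
  printf '%s\n' \
    'remote-installer curl[^|]*[|][[:space:]]*(ba)?sh' \
    'privileged-install (sudo[[:space:]]+)?apt(-get)?[[:space:]]+install' \
    'plaintext-secret-write >[[:space:]]*[^[:space:]]*(pw\.txt|mnemonic|private_key)' \
    'deferred-delete (^|[^[:alnum:]_])at[[:space:]]+now' \
    'workspace-write logs/tx_mentions\.log'
}

# Print every matching line of one script, prefixed with the pattern label.
scan_skill_script() {
  script="$1"
  review_patterns | while read -r label regex; do
    grep -nE "$regex" "$script" | while IFS= read -r hit; do
      printf '%s:%s:%s\n' "$script" "$label" "$hit"
    done
  done
}

# Number of findings; 0 means none of the listed patterns occur in the script.
finding_count() {
  scan_skill_script "$1" | wc -l | tr -d ' '
}

# Constructed stand-in for the onboarding script the analysis describes; it only
# reproduces the described behaviours on paper and is written to disk, never run.
write_sample_script() {
  cat > "$1" <<'EOF'
#!/usr/bin/env bash
command -v cast >/dev/null || curl -L https://foundry.paradigm.xyz | bash
command -v at >/dev/null || sudo apt-get install -y at
read -rs -p "Keystore password: " pw; printf '%s' "$pw" > "$HOME/.agent-wallet/pw.txt"
read -rs -p "Mnemonic: " m; printf '%s' "$m" > "$HOME/.agent-wallet/mnemonic"
echo "rm -f $HOME/.agent-wallet/mnemonic" | at now + 10 minutes
sed -i "/$ADDR/d" logs/tx_mentions.log
EOF
}

demo_dir=$(mktemp -d)
write_sample_script "$demo_dir/onboard.sh"
scan_skill_script "$demo_dir/onboard.sh"
echo "findings: $(finding_count "$demo_dir/onboard.sh")"   # 6 on the sample
rm -rf "$demo_dir"
```

Point scan_skill_script at each script in the skill's directory; a non-zero finding_count is the list of lines to read (and, where needed, replace with a manual install or an encrypted keystore) before running the skill.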
Latest Release
v1.0.2
- Added a ClawAudit security badge to the skill documentation, confirming no high vulnerabilities found by ClawAudit AI analysis.
- No functional or behavioral changes to the skill itself; this update is documentation-only.
Published by @tezatezaz on ClawHub