Skill for managing EVM wallets, transactions, and network helpers via cast; covers onboarding, checks, and operating procedures.
Security Analysis
Confidence: medium. The skill's scripts mostly match a wallet-onboarding purpose, but they include disproportionate install actions (curl | bash), store sensitive secrets in plaintext files, attempt system package installs, and instruct the agent to run checks automatically; these behaviors warrant caution before use.
Overall, the files and scripts implement an EVM wallet onboarding and helper workflow (install cast/Foundry, create/import key, create keystore, select network, maintain token lists). That aligns with the stated purpose. However, the skill also attempts to modify workspace-level files (it removes mentions from a workspace logs/tx_mentions.log during removal) and can install system packages (see the install logic for 'at'). Those actions are not strictly required for basic wallet management and are worth questioning.
SKILL.md instructs the agent to run a readiness check automatically each session and to automatically run the onboarding scripts when no wallet exists. The scripts request highly sensitive input (mnemonic/private key/password) and then write secrets to disk (temporary private key file, mnemonic backup file, and a plaintext password file). The README promises a background 'sleep' fallback for mnemonic cleanup but the code only attempts to schedule deletion via 'at' and warns if 'at' is unavailable — so the claimed automatic cleanup may not occur. Automatic session checks, persistent storage of secrets, and the incomplete cleanup guarantee expand the runtime scope beyond a simple helper.
Although the registry shows no install spec, the included scripts will fetch and run external installers at runtime. scripts/01_install_cast.sh executes: curl -L https://foundry.paradigm.xyz | bash — a remote install executed without an integrity check. The wallet scripts also try to install the 'at' package via apt if missing (and will attempt sudo). Remote shell installers and on-the-fly package installs are higher-risk operations and should be considered sensitive.
No environment variables are requested in metadata (consistent), but the skill asks users to supply secrets interactively (mnemonic/private key/password) and then stores them on disk: a temporary private key (APP_DIR/privatekey.tmp), mnemonic files (APP_DIR/mnemonic-words-*.txt) and a plaintext PASSWORD_FILE (APP_DIR/pw.txt). Storing the keystore password in a file and saving mnemonic backups (even if scheduled for deletion) is a sensitive operational choice — reasonable for an agent that will perform non-interactive sends, but disproportionate relative to a read-only assistant and risky without explicit user consent and secure storage warnings.
The skill is not force-enabled (always: false). SKILL.md instructs the agent to run scripts/check_wallet.sh automatically each session and to perform onboarding automatically when no wallet exists; this means the agent may autonomously access stored wallet metadata and call RPC endpoints (for balances). Autonomous invocation is permitted by default, but combined with automatic checks and the ability to accept/store secrets, it increases the operational blast radius. The skill does not request system-wide config changes beyond writing its own files and optionally installing packages via apt.
Guidance
This skill implements a working wallet onboarding flow, but it takes actions you should not accept lightly. Before installing or running it:
1) Review the scripts yourself, especially 01_install_cast.sh (it runs curl | bash) and 02–03, which create and store your private key and password.
2) Do not paste real recovery phrases/private keys into the agent unless you fully trust it; prefer hardware wallets or use ephemeral test keys in an isolated environment.
3) If you need the functionality, consider manually installing Foundry/cast yourself rather than letting the script run curl | bash.
4) Expect the password to be saved in plaintext at ~/.agent-wallet/pw.txt and mnemonic backups to be created under ~/.agent-wallet/; verify these files are deleted if you rely on automatic cleanup (the script uses 'at' and will fall back to manual cleanup if 'at' isn't available).
5) If you want to use this skill, run it in a locked-down environment (VM/container) first, or modify the scripts to avoid saving secrets on disk and to remove automatic background installs.
If you are not comfortable auditing shell scripts, do not install this skill.
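The two checks this guidance asks for (auditing the scripts for curl | bash, sudo/apt installs and secret-file writes, then verifying that ~/.agent-wallet holds no leftover secrets), as an added example that is not part of the skill or of this review. It assumes the scripts directory and the wallet data directory are passed as arguments and that the secret file names are the ones listed above; the sample script in the test is constructed.

```shell
#!/bin/sh
# Added example, not code from the skill or from this review: a pre-install
# audit for the patterns the review flags. Assumptions: $1 is the skill's
# scripts directory and $2 the wallet data directory (the review's APP_DIR,
# ~/.agent-wallet); secret file names are the ones the review lists.

# Scan *.sh files under a directory for: a remote installer piped into a
# shell, sudo or apt installs, and writes of the named secret files.
# Hits go to stderr, the total to stdout; exit status 1 if anything hit.
audit_skill_scripts() {
  dir=$1
  total=0
  for pat in \
      'curl[^|]*\|[[:space:]]*(ba)?sh' \
      'wget[^|]*\|[[:space:]]*(ba)?sh' \
      '(^|[^[:alnum:]_])sudo[[:space:]]' \
      'apt(-get)?[[:space:]]+install' \
      'pw\.txt|privatekey\.tmp|mnemonic-words'; do
    hits=$(find "$dir" -name '*.sh' -exec grep -En "$pat" {} + 2>/dev/null |
           wc -l | tr -d ' ')
    [ "$hits" -gt 0 ] && echo "pattern '$pat': $hits hit(s)" >&2
    total=$((total + hits))
  done
  echo "$total"
  [ "$total" -eq 0 ]
}

# List the secret files the review says the onboarding scripts leave in the
# wallet directory and flag any readable by group or others (the 'at'-based
# cleanup may never run). Count to stdout; exit status 1 if any remain.
check_wallet_dir() {
  wdir=$1
  found=0
  for f in "$wdir"/pw.txt "$wdir"/privatekey.tmp "$wdir"/mnemonic-words-*.txt; do
    [ -e "$f" ] || continue
    found=$((found + 1))
    # portable mode check: chars 5-10 of ls -l's mode string are group/other
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in
      ????------) echo "secret still on disk (owner-only): $f" >&2 ;;
      *)          echo "secret still on disk, readable by others ($mode): $f" >&2 ;;
    esac
  done
  echo "$found"
  [ "$found" -eq 0 ]
}

# usage: audit_skill_scripts ./scripts && check_wallet_dir "$HOME/.agent-wallet"
```

Both functions exit non-zero on any finding, so they can gate an install step; the stderr lines show which pattern or file triggered.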
Latest Release
v1.0.0
Initial release of clawcast-wallet: an interactive skill for managing EVM wallets and transactions with cast.
- Guides users step-by-step through wallet onboarding, including creation/import, encryption, network, and token setup, all driven by user-supplied inputs.
- Automatically checks for an existing wallet and shows address, network, and balance at session start.
- Provides scripts for wallet health checks, network status, and safe wallet removal.
- Logs transaction mentions for later reference in a dedicated log file.
- Shares direct explorer URLs for manual transaction review when API access is unavailable.
- Focuses on clarity and ease of use, avoiding technical jargon unless requested.
Published by @tezatezaz on ClawHub