      Safety Report

      ClawCast Crypto Wallet: Keys, Balances & Transactions

      @tezatezaz

      This skill is focused on crypto/EVM wallet operations and transaction workflows using cast. It covers wallet creation, importing or generating keys, checking balances, sending coins or tokens, monitoring tokens, creating and verifying transactions, and keeping agent keystores secure so the agent can guide the user through the core crypto operations a wallet handles.

      1,436 Downloads · 2 Installs · 4 Stars · 2 Versions

      Security Analysis

      medium confidence
      Suspicious · 0.04 risk

      The skill's scripts mostly match a wallet/onboarding purpose, but several behaviors (automatic probes, saving secrets to disk, remote install via curl|bash, and automatic package installation) are disproportionate or surprising and warrant review before installing.

      Feb 11, 2026 · 15 files · 4 concerns

      Purpose & Capability: ok

      The name/description (EVM wallet via cast) matches the included scripts: installing Foundry/cast, deriving/importing keys, creating keystores, selecting RPCs, and showing balances. The files (network/token JSON, keystore handling) are coherent with the stated purpose.

      Instruction Scope: concern

      SKILL.md instructs the agent to run readiness checks automatically each session and to run the provided scripts in order. The scripts read/write key material and passwords under ${HOME}/.agent-wallet, may schedule deletion jobs, and edit workspace logs on wallet removal. Automatic, unprompted checks and automatic saving of secrets broaden scope beyond simple query/response behavior and could surprise users.

      Install Mechanism: concern

      There is no packaged install spec, but scripts include an installer that runs `curl -L https://foundry.paradigm.xyz | bash` to install Foundry/cast (a remote-install via pipe-to-shell). While the domain is the known Foundry installer, pipe-to-shell is high-risk and the script also attempts to install the 'at' package via apt-get/sudo if needed. Both behaviors modify the system and warrant manual review before execution.

      Credentials: concern

      The skill declares no required env vars, but scripts read/write many local paths (HOME, ~/.foundry/keystores, ~/.agent-wallet/state.env, workspace logs). They store the keystore and also write the keystore password to a plaintext file (pw.txt) and temporarily persist mnemonics/private keys before deletion. Saving secrets to disk without explicit, granular user consent is disproportionate and risky for a wallet-related tool unless the user explicitly accepts it.

      Persistence & Privilege: note

      The skill is not 'always:true', but SKILL.md instructs the agent to run check_wallet.sh automatically each session and to proceed autonomously through onboarding flows when no wallet exists. Autonomous invocation is platform-default, but combined with persistent secret storage and system-changing installs, this increases the blast radius. remove_wallet.sh also modifies workspace files (logs/tx_mentions.log), which is an unusual side-effect to be aware of.

      Guidance

      What to consider before installing

      - Review the scripts before running: open scripts/01_install_cast.sh and scripts/03_password.sh in particular.
      - Installer: the skill will run the Foundry installer via curl|bash. Prefer to install Foundry/cast manually (or verify the installer) rather than letting the skill run a remote install.
      - Secrets on disk: the skill writes your keystore and also saves the keystore password to ~/.agent-wallet/pw.txt and may write mnemonics to plaintext files temporarily. If you do not want secrets persisted, edit the scripts to avoid writing the password or mnemonic, or refuse the option that saves them.
      - Automatic checks: SKILL.md asks the agent to run readiness/checks automatically each session. If you prefer explicit control, do not enable autonomous invocation or modify the agent instructions to ask you first.
      - System changes: the skill may attempt to install the 'at' command via apt/sudo to schedule mnemonic deletion. If you are uncomfortable with automatic package installs or sudo usage, run the scripts manually and skip that step.
      - Workspace modification: wallet removal will attempt to remove wallet mentions from a workspace log (logs/tx_mentions.log). Ensure that behavior is acceptable in your environment.
      - Best practice: test in an isolated environment (no real funds) first. Consider using a hardware wallet or keeping private keys offline rather than importing them into this agent-managed keystore. If you proceed, backup keystore and password securely, or modify the scripts to avoid saving passwords in plaintext.

      If you want, I can produce a short checklist and a minimal patch (lines to change) to make this skill safer (for example: stop auto-saving password, avoid pipe-to-bash installer, and require explicit user consent before any automatic check or system install).

      Latest Release

      v1.0.1

      - No file changes were detected in this release.
      - Documentation and guidance remain unchanged; no functional or behavioral updates included.
      - Version bump only; this update has no impact on users.

      Published by @tezatezaz on ClawHub