Is 0xArtex/agentwallet-cli safe?
https://clawhub.ai/0xArtex/agentwallet-cli
This skill provides legitimate documentation for cryptocurrency wallet management but introduces significant financial risks by enabling AI agents to conduct blockchain transactions. While the skill files themselves are clean, the instructions to execute external npm packages and handle cryptocurrency create security concerns.
Findings (4)
HIGH External code execution via npm -40
The skill instructs agents to execute external code using 'npx @agntos/agentwallet' commands, which downloads and runs untrusted Node.js packages from the npm registry.
HIGH Cryptocurrency transaction risks -60
The skill enables AI agents to create wallets, generate private keys, and conduct cryptocurrency transactions autonomously, which could result in significant financial losses if the agent is compromised or makes errors.
MEDIUM Dependency on external package -10
Reliance on the @agntos/agentwallet npm package introduces supply chain risk if the package is compromised.
LOW External tool instructions -5
While not malicious, the skill provides extensive instructions for using external cryptocurrency tools which could be misused.