Is daaab/base-wallet safe?

https://github.com/openclaw/skills/tree/main/skills/daaab/base-wallet

87
SAFE

This wallet management skill provides legitimate cryptocurrency functionality but involves inherent risks due to private key handling. While monitoring detected access to sensitive credential files, the skill code appears to follow security best practices and no malicious intent was identified.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 70/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 85/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (5)

HIGH Sensitive Credential File Access -30

The monitoring detected access to multiple sensitive credential files including .env, SSH keys, AWS credentials, Docker config, and GCloud credentials during execution.

MEDIUM Cryptocurrency Private Key Management -25

This skill creates, stores, and manages cryptocurrency private keys, which represents an inherent high-risk functionality that could lead to financial loss if compromised.

MEDIUM JavaScript Code Execution -10

The skill contains executable JavaScript files that will run with agent permissions when invoked.

LOW External API Dependencies 0

The skill connects to external services including BaseMail API and Base network RPC endpoints, creating potential data leakage vectors.

INFO Security Best Practices Implemented 0

The skill implements security best practices including environment variable preference, file permission restrictions (600), and security warnings in documentation.