Oathe Security Badge

Is eltontay/circle-wallet safe?

https://github.com/openclaw/skills/tree/main/skills/eltontay/circle-wallet

92
SAFE

This Circle wallet skill is a legitimate integration for USDC operations via Circle's Developer-Controlled Wallets API. The code is well-structured TypeScript with appropriate security practices, proper credential management, and clean installation behavior.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (3)

LOW Network Access to External API -10

Skill requires network access to api.circle.com for legitimate wallet operations. This is properly declared in package.json permissions.

LOW PostInstall Build Script -15

Standard TypeScript compilation during npm install. This is a common and safe build step.

INFO Financial Transaction Capability -20

Skill enables USDC cryptocurrency transactions. While legitimately implemented, financial operations inherently require user caution and proper API key management.