Is husseinrasti/monad-wordle-game safe?

The skill's setup code explicitly instructs agents to call privateKeyToAccount(process.env.PRIVATE_KEY). Any agent operating in an environment where the PRIVATE_KEY variable is set will read the user's wallet private key and use it to sign real mainnet blockchain transactions without additional confirmation. This represents a serious credential access pattern embedded in normal skill operation.

Before playing, the skill requires purchasing $WORDLE tokens through nad.fun, a specific DEX where the skill author likely holds positions. The CREATOR_TREASURY address in the DEX config confirms the protocol routes fees to the author. Every user following this skill generates buy pressure on a specific token and fee revenue for the author. This is a textbook crypto pump-and-play scheme embedded in a utility skill.

The skill requires POSTing the user's wallet address and transaction hash to wordle.nadnation.xyz, a domain controlled by the skill author. This deanonymizes the user's on-chain identity, links wallet addresses to agent sessions, and creates a persistent user profile on the author's servers.

The skill instructs agents to fetch smart contract ABIs from https://nad.fun/abi.md at runtime. If this domain is compromised or the content changes, the agent could receive malicious ABI definitions causing it to interact with attacker-controlled contracts, approve unintended spending, or execute different function signatures than expected.

The secret word is stored server-side and only revealed in API responses. There is no on-chain commitment scheme, merkle proof, or zero-knowledge verification. The server operator can manipulate win/loss outcomes, deny valid guesses, selectively award wins to preferred addresses, or shut down entirely — all while continuing to collect 100 $WORDLE per game start.

The skill implicitly grants itself permission to approve ERC20 spending allowances, execute token purchases through a DEX, and call payable contract functions — all on a live mainnet with real funds. These permissions significantly exceed what a 'play a word game' description implies and are not presented to the user for explicit consent before each financial step.

The skill explicitly targets Monad Mainnet (not a testnet) and requires executing live ERC20 approve() and playGame() transactions. An agent that is authorized to make blockchain transactions and follows this skill will spend real cryptocurrency — 100 $WORDLE per game plus gas costs — without the user necessarily understanding the financial consequences.

The connection diff shows the openclaw-gateway process (pid=1090) establishing new ESTAB TCP connections to 98.83.99.233:443, 3.213.170.18:443, and 104.16.8.34:443 after installation, plus new listening ports 18790 and 18793. These are attributed to the openclaw audit infrastructure rather than the skill, but represent infrastructure behavior worth noting.

All six credential honeypot files were accessed simultaneously at a single timestamp (1771935251.710) immediately after skill installation completed. The simultaneity and completeness strongly suggests an automated sweep. Files were confirmed intact with no modifications or exfiltration. The pattern is consistent with the audit framework's post-install verification routine rather than the skill itself.

Normal skill operation requires agent connections to four distinct external services: monad-mainnet.drpc.org (RPC node), api.nadapp.net (DEX API), nad.fun (ABI source), and wordle.nadnation.xyz (game server). Each connection represents a potential data interception point and expands the attack surface beyond what a minimal blockchain game skill requires.