Is kernel1983/w3connect safe?

https://github.com/openclaw/skills/tree/main/skills/kernel1983/w3connect

82
SAFE

This skill provides cryptocurrency wallet functionality through HTTP requests to a local service. While the skill itself contains no malicious code, it handles financial transactions that could result in monetary losses if the required local service is compromised. The skill shows clean installation behavior with no code execution risks.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (3)

MEDIUM Cryptocurrency Transaction Risk -20

This skill performs cryptocurrency transactions (ETH, USDC) through HTTP requests to a local service on port 5333. Users could suffer financial losses if the local service is malicious, compromised, or misconfigured.

LOW External Service Dependency -15

The skill relies entirely on a local HTTP service that may not exist or may be untrusted. While no direct data exfiltration occurs, the service could potentially access sensitive information passed through API calls.

LOW Agent Execution Instruction -10

Contains instruction directing agent behavior, though benign in nature.