Scan Report
5 /100
walletchan
Interact with web3 dapps using the WalletChan browser extension via Chrome CDP
WalletChan is a legitimate browser automation skill for web3 dapp interaction via Chrome CDP. It contains only documentation with no executable code, explicitly warns against sharing the Master Password, and requires only an Agent Password with limited scope.
Safe to install
This skill is safe to use. Users should ensure they never share their Master Password and only provide the Agent Password for wallet unlock and transaction confirmation.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in documentation |
| Network | NONE | NONE | — | CDP is local browser control only |
| Shell | NONE | NONE | — | No shell commands documented |
| Browser | READ | READ | ✓ Aligned | CDP tab control and page content reading documented |
2 findings
Medium External URL 外部 URL
https://walletchan.com/ SKILL.md:8 Medium External URL 外部 URL
https://chromewebstore.google.com/detail/walletchan/kofbkhbkfhiollbhjkbebajngppmpbgc SKILL.md:13 File Tree
1 files · 6.0 KB · 119 lines Markdown 1f · 119L
└─
SKILL.md
Markdown
Security Positives
✓ Clear distinction between Agent Password and Master Password with explicit warnings
✓ Agent Password scoped to limited operations (unlock, review, confirm) - cannot export private keys
✓ Emphasis on transaction verification before confirmation
✓ No executable code - purely documentation/guidance
✓ Explicit warnings about auto-lock and security best practices
✓ Guidance to never assume success and always verify state changes