Skill Trust Decision

claw-wallet

Skill installs and executes an unsigned closed-source binary from GitHub without integrity verification, creating a supply chain risk, though the shell scripts themselves are transparent and the credential handling is properly scoped.

Source: Manual upload · Scanned: Apr 3, 2026
Files 5
Artifacts 4
Violations 0
Findings 4
Most direct threat evidence
High
Unsigned closed-source binary execution without integrity verification

install.sh downloads a pre-built binary (clay-sandbox) from github.com/ClawWallet/Claw_Wallet_Bin and executes it. No checksum, signature, or reproducible build verification is performed.

install.sh:42

Why this conclusion was reached

1/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Review
Hidden execution and egress

4 lower-risk artifacts were extracted and still need context.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 1 severe finding.

Pass
Dependencies and supply chain hygiene

Dependencies are present but no obvious high-risk issue stands out.

What drove the risk score up

Unsigned closed-source binary execution +30

install.sh downloads and executes pre-built binary from github.com/ClawWallet/Claw_Wallet_Bin without checksum or signature verification

External network access to third-party domains +15

Skill communicates with nex-claw.vercel.app and clawwallet.cc for bind flows; external GitHub repo access beyond declared sandbox

Supply chain dependency on third-party binary repo +12

Binary source is a separate repo (Claw_Wallet_Bin) not directly tied to skill repo

Most important evidence

High

Unsigned closed-source binary execution without integrity verification

install.sh downloads a pre-built binary (clay-sandbox) from github.com/ClawWallet/Claw_Wallet_Bin and executes it. No checksum, signature, or reproducible build verification is performed.

install.sh:42
Verify binary integrity through published SHA256 checksums or GPG signatures. Consider requesting reproducible builds or source code audit.
Medium

Third-party GitHub repository dependency for binary

The skill repo and binary repo are separate: skill from Claw-Wallet-Skill, binary from Claw_Wallet_Bin. This creates a supply chain gap where the skill documentation may not fully cover the binary's behavior.

install.sh:36
Ensure both repositories are from the same trusted entity and that the binary source is verifiable.
Medium

External domain communication for wallet binding

The skill instructs users to visit external websites (nex-claw.vercel.app, clawwallet.cc) for wallet binding. While part of the documented workflow, this extends the trust boundary beyond the local sandbox.

SKILL.md:57
Document what data is sent to external domains and ensure user consent for this network communication.
Low

Binary branch is configurable via environment variable

BIN_BRANCH defaults to 'dev' but can be overridden via CLAW_WALLET_BIN_BRANCH, potentially pulling binaries from non-main branches.

install.sh:34
Default to stable/release branches rather than development branches for production use.

Declared capability vs actual capability

Filesystem Pass
Declared WRITE
Inferred WRITE
skill.yml declares filesystem:read/write within skills/claw-wallet
Network Pass
Declared READ
Inferred READ
skill.yml declares localhost sandbox + github.com; SKILL.md also references external bind URLs
Shell Pass
Declared WRITE
Inferred WRITE
skill.yml declares exec for bash/sh scripts
Environment Pass
Declared READ
Inferred READ
skill.yml declares CLAY_AGENT_TOKEN as sensitive credential; reads from .env.clay

Suspicious artifacts and egress

Medium External URL
https://nex-claw.vercel.app/claim/

SKILL.md:57

Medium External URL
https://nex-claw.vercel.app/

SKILL.md:105

Medium External URL
https://www.openclawby.com/api/skills?q=

SKILL.md:303

Medium External URL
https://www.clawwallet.cc/claim/

skill.yml:115

Dependencies and supply chain

Package: clay-sandbox
Version: unversioned (dev branch)
Source: github.com/ClawWallet/Claw_Wallet_Bin
Known vuln: No
Notes: Closed-source binary downloaded and executed without integrity verification

File composition

5 files · 742 lines
Markdown 2 files · 371 lines
Shell 2 files · 256 lines
YAML 1 file · 115 lines
Files of concern · 3
SKILL.md Markdown · 303 lines
External domain communication for wallet binding · https://nex-claw.vercel.app/claim/ · https://nex-claw.vercel.app/ · https://www.openclawby.com/api/skills?q=
skill.yml YAML · 115 lines
https://www.clawwallet.cc/claim/
install.sh Shell · 101 lines
Unsigned closed-source binary execution without integrity verification · Third-party GitHub repository dependency for binary · Binary branch is configurable via environment variable
Other files · claw-wallet.sh · README.md

Security positives

Shell scripts are transparent, readable, and perform expected operations
User confirmation required before executing transactions and uninstall
Credential access is properly scoped to skill directory only
No hidden functionality detected in shell scripts
No base64-encoded payloads, eval(), or obfuscated code
No credential harvesting or exfiltration patterns
No access to sensitive paths like ~/.ssh, ~/.aws, or .env
No curl|bash direct execution patterns
No direct IP network requests detected
Upgrade process preserves critical wallet state files