Suspicious: risk score 52/100
Last scan: 2 days ago
claw-wallet
Local multi-chain wallet skill for AI agents with sandbox signing and configurable risk controls
Skill installs and executes an unsigned closed-source binary from GitHub without integrity verification, creating a supply chain risk, though the shell scripts themselves are transparent and the credential handling is properly scoped.
Skill name: claw-wallet
Analysis time: 44.0s
Engine: pi
Verdict: use with caution
Before using this skill, verify the binary's integrity through published checksums or signatures. Consider auditing the sandbox binary independently or requesting source code availability. Use in isolated environments until verified.

Security findings (4)

Severity | Finding | Location

[High] Unsigned closed-source binary execution without integrity verification (install.sh:42)
install.sh downloads a pre-built binary (clay-sandbox) from github.com/ClawWallet/Claw_Wallet_Bin and executes it. No checksum, signature, or reproducible build verification is performed.
curl -L -o "$TMP_TARGET" "$BINARY_URL"
→ Verify binary integrity through published SHA256 checksums or GPG signatures. Consider requesting reproducible builds or source code audit.

[Medium] Third-party GitHub repository dependency for binary (install.sh:36)
The skill repo and binary repo are separate: the skill comes from Claw-Wallet-Skill, the binary from Claw_Wallet_Bin. This creates a supply chain gap where the skill documentation may not fully cover the binary's behavior.
BINARY_URL="https://github.com/ClawWallet/Claw_Wallet_Bin/raw/refs/heads/${BIN_BRANCH}/bin/$BINARY_NAME"
→ Ensure both repositories are from the same trusted entity and that the binary source is verifiable.

[Medium] External domain communication for wallet binding (SKILL.md:57)
The skill instructs users to visit external websites (nex-claw.vercel.app, clawwallet.cc) for wallet binding. While part of the documented workflow, this extends the trust boundary beyond the local sandbox.
https://nex-claw.vercel.app/claim/<uid>
→ Document what data is sent to external domains and ensure user consent for this network communication.

[Low] Binary branch is configurable via environment variable (install.sh:34)
BIN_BRANCH defaults to 'dev' but can be overridden via CLAW_WALLET_BIN_BRANCH, potentially pulling binaries from non-main branches.
BIN_BRANCH="${CLAW_WALLET_BIN_BRANCH:-dev}"
→ Default to stable/release branches rather than development branches for production use.
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | WRITE | WRITE | ✓ Consistent | skill.yml declares filesystem:read/write within skills/claw-wallet
Network access | READ | READ | ✓ Consistent | skill.yml declares localhost sandbox + github.com; SKILL.md also references exte…
Command execution | WRITE | WRITE | ✓ Consistent | skill.yml declares exec for bash/sh scripts
Environment variables | READ | READ | ✓ Consistent | skill.yml declares CLAY_AGENT_TOKEN as sensitive credential; reads from .env.cla…
External URLs (4 findings)

Severity | Type | URL | Location
Medium | External URL | https://nex-claw.vercel.app/claim/ | SKILL.md:57
Medium | External URL | https://nex-claw.vercel.app/ | SKILL.md:105
Medium | External URL | https://www.openclawby.com/api/skills?q= | SKILL.md:303
Medium | External URL | https://www.clawwallet.cc/claim/ | skill.yml:115

Directory structure

5 files · 29.3 KB · 742 lines
Markdown: 2 files · 371 lines; Shell: 2 files · 256 lines; YAML: 1 file · 115 lines
├─ 🔧 claw-wallet.sh Shell 155L · 4.4 KB
├─ 🔧 install.sh Shell 101L · 3.8 KB
├─ 📝 README.md Markdown 68L · 2.2 KB
├─ 📝 SKILL.md Markdown 303L · 14.8 KB
└─ 📋 skill.yml YAML 115L · 4.1 KB

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
clay-sandbox | unversioned (dev branch) | github.com/ClawWallet/Claw_Wallet_Bin | none listed | Closed-source binary downloaded and executed without integrity verification

Security highlights

✓ Shell scripts are transparent, readable, and perform expected operations
✓ User confirmation required before executing transactions and uninstall
✓ Credential access is properly scoped to skill directory only
✓ No hidden functionality detected in shell scripts
✓ No base64-encoded payloads, eval(), or obfuscated code
✓ No credential harvesting or exfiltration patterns
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env
✓ No curl|bash direct execution patterns
✓ No direct IP network requests detected
✓ Upgrade process preserves critical wallet state files