Last updated
2026/4/3
Security scan
OpenClaw
Safe
High confidence: The skill's code, instructions, and requirements are coherent with an EVM wallet tool: it needs a wallet JSON and RPC URL at runtime (passed as flags), signs/broadcasts transactions, and logs them locally — nothing requested or installed is disproportionate to that purpose.
Assessment recommendations
This skill appears to do exactly what it says: sign and broadcast EVM transactions and log them locally. Key safety notes before installing or running: (1) Never give an agent your main/private wallet file unless you fully trust it — prefer a dedicated, funded test or merchant wallet with limited balance. (2) Always pass --output to a path you control, and set file permissions (chmod 600) on wallet JSON. (3) For x402 flows, always use --max-amount and (when practical) --pay-to to avoid unexpecte...
✓ Purpose and capability
Name/description match the provided scripts and SKILL.md. The tool performs on-chain signing, RPC calls, x402 payment flows, and local logging; those actions require a wallet key and RPC URL passed as CLI args, which is appropriate for a wallet skill.
✓ Instruction scope
Runtime instructions are explicit about required inputs (--wallet-key, --rpc, --output) and warn about safety (--max-amount, ask your human). The SKILL.md does not instruct the agent to read unrelated system files or environment variables, nor to exfiltrate secrets to external endpoints beyond the target RPC/API URLs the user supplies.
✓ Install mechanism
No installer downloads or post-install hooks are present; dependencies are standard Python packages (eth-account, requests). The skill is instruction-and-script-only, so nothing external is fetched by the install spec in the provided bundle.
✓ Credential requirements
The skill requests no environment variables or hidden credentials. It explicitly requires a wallet JSON file (private_key) and RPC/API endpoints at runtime — these are necessary and proportionate for signing and broadcasting transactions and for x402 flows.
ℹ Persistence and privileges
The skill does not request permanent/always-on presence and does not modify other skills. It can be invoked autonomously by agents (platform default); because it can sign and broadcast transactions if given a private key, you should only provide wallet keys when you trust the agent and limit allowed spend (use --max-amount / --pay-to).
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Versions
latest v0.3.4 2026/4/1
Release 0.3.4
● Benign
Install commands
Official: npx clawhub@latest install cdnsoft-wallet
Mirror: npx clawhub@latest install cdnsoft-wallet --registry https://cn.longxiaskill.com