Security checks across malware telemetry and agentic risk
This appears to be a disclosed wallet bridge, but it needs Review because it can move real crypto funds and has broad approval, mainnet, secret-storage, and auto-unlock behavior.
Only install this if you intend to let an OpenClaw agent operate a real wallet. Start on devnet/testnet or sign-only mode, avoid putting private keys or approval secrets in plugin config, keep sealed vault credentials tightly controlled, and require a fresh human confirmation before any mainnet execute. VirusTotal and the static scan were clean, so this is a Review classification based on high-impact wallet authority and scoping concerns, not evidence of malware.
- For a local official OpenClaw install, `userId` should represent the wallet owner for that agent install. - The public OpenClaw plugin docs do not document a per-request end-user identifier in `registerTool(...).execute(...)`, so dynamic multi-user wallet selection is intentionally kept in the Python/runtime layer, not inside the TypeScript plugin itself. - Helper scripts in `agent-wallet/scripts/` are generic patch/finalize utilities and no longer assume a specific local username, path, or temporary master key. - The OpenClaw plugin API in this repo exposes tool registration, not host password prompts. EVM wallet create/unlock still is not a public agent tool, but the runtime can now auto-create or auto-unlock the local EVM wallet during `set_wallet_backend` or EVM tool calls when `sealed_keys.json` contains the local EVM vault password. - For a one-command local BTC onboarding path, use `agent-wallet/scripts/bootstrap_openclaw_btc.py`, which both sets up the BTC wallet binding and patches local OpenClaw config for `backend=wdk_btc_local`. - The BTC flow now only supports local service URLs (`127.0.0.1` / `localhost` / `::1`). - The local BTC service is protected with a bearer token loaded from `~/.openclaw/wdk-btc-wallet/local-auth-token`, not from plugin config JSON.
62/62 vendors flagged this plugin as clean.
