Latest release: v4.8.9
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose and capabilities fit together: the skill is a self-custodial wallet integration with balances, transfers, swaps, signing, approvals, and onboarding. Those capabilities are inherently high-impact because they can affect funds and wallet authority.
Instruction Scope
The included workflow context describes approval boundaries, but the artifacts also describe mnemonic-bearing wallet creation, signing, swaps, approval settings, and autonomy modes. The top-level skill text does not fully bound how sensitive seed material, approval changes, or autonomous wallet behavior are contained.
Install Mechanism
Although there is no install spec, the bundle contains and wires a local MCP server that runs Node and loads bundled payload code. This is expected for a wallet MCP bundle, but it is under-declared relative to the registry requirements and is more sensitive because static scanning flagged hardcoded secrets and obfuscated code in the payload.
Credentials
The wallet uses local file-backed storage and handles user passwords, mnemonic material, balances, transfers, swaps, and signatures. That is proportionate to a wallet, but users need explicit storage, retention, backup, and deletion expectations before trusting it with real funds.
Persistence & Privilege
The MCP configuration initializes a persistent wallet profile, and the runtime code resolves file storage under the user's home directory. Persistent wallet state and approval settings are sensitive, especially for a self-custodial wallet.
Scan Findings in Context
[suspicious.exposed_secret_literal] unexpected: Static scanning reported hardcoded `apiKey` and `password` literals in bundled payload files. A wallet may include public provider API keys, but hardcoded secrets/passwords in opaque wallet runtime code need publisher explanation, removal, or rotation.
[suspicious.obfuscated_code] unexpected: Static scanning reported a base64-decoding pattern in a large bundled payload. Bundling can cause false positives, but obfuscation indicators reduce reviewability when paired with hardcoded-secret findings and wallet authority.
What to consider before installing
Review this as a high-risk financial integration, not a simple informational skill. Only install it if you trust the publisher and understand that it can run local wallet code, persist wallet state, and handle seed/password material. Avoid using significant funds until the hardcoded-secret and obfuscation findings are explained or resolved, and require explicit confirmations for all transfers, swaps, signing, and approval/autonomy changes.
payload/200.cjs:18446
File appears to expose a hardcoded API secret or token.
payload/409.cjs:890
File appears to expose a hardcoded API secret or token.
payload/964.cjs:1081
File appears to expose a hardcoded API secret or token.
payload/200.cjs:1187
Potential obfuscated payload detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
My Wallet for OpenClaw
My Wallet provides full self-custodial wallet functionality for OpenClaw agents, while providing flexible control options for their users.
It lets OpenClaw create multichain wallets; check balances, tokens, portfolio value, staking, collectibles, historical prices, and recent activity; manage saved addresses, approval settings, and autonomy modes; prepare transfers with approval-aware flows; swap or trade tokens; sign messages; and more.
It is based on MyTonWallet — a well-established open-source self-custodial wallet with 10M+ users, audited by CertiK.
Use My Wallet in OpenClaw
Install My Wallet from ClawHub, or use the bundle folder openclaw/mywallet-openclaw/ for file-based OpenClaw installs.
Website: agents.mywallet.io
