base-wallet
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill handles sensitive private keys and recovery mnemonics, which may be stored in the local filesystem under
~/.openclaw/wallets/if managed mode is selected. Evidence: Interacted with inscripts/create-wallet.jsandscripts/basemail-register.js. Mitigations include the use of strict owner-only file permissions. - [EXTERNAL_DOWNLOADS]: The skill initiates network requests to vendor APIs and blockchain infrastructure. Evidence:
scripts/basemail-register.jsperforms fetch calls toapi.basemail.aifor authentication and email registration workflows. - [COMMAND_EXECUTION]: Provides CLI utilities for cryptographic identity generation and message signing. Evidence:
create-wallet.jsexecutes random wallet generation and prints private keys to standard output for user configuration. - [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by signing data fetched from a remote API without validation. Evidence:
scripts/basemail-register.jssigns a message retrieved from the BaseMail API. 1. Ingestion point:api.basemail.ai. 2. Boundary markers: Absent. 3. Capability inventory: Wallet signing and filesystem write operations. 4. Sanitization: No sanitization or validation of the remote message prior to signing.
Audit Metadata