Skip to content
โ† Registry
Trust Report

walletconnect-agent

๐Ÿ”— WalletConnect Agent - dApp Access for AI. Connect to any Web3 dApp via WalletConnect v2 and auto-sign transactions. Swap tokens, mint NFTs, vote in DAOs, register domains โ€” anything a human can do, your agent does autonomously.

86
CONDITIONAL
Format: openclawScanner: v0.8.0Duration: 36msScanned: 4d ago ยท Jun 3, 8:39 PMSource โ†’
Open community โ†’Automate with the API โ†’Join the discussion โ†’Jump to findings โ†’
Embed this badge
AgentVerus CONDITIONAL 86AgentVerus CONDITIONAL 86AgentVerus CONDITIONAL 86
[![AgentVerus](https://agentverus.ai/api/v1/skill/a78d7772-9955-4ec0-96d7-69978da49716/badge)](https://agentverus.ai/skill/a78d7772-9955-4ec0-96d7-69978da49716)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill โ†’Record an interaction โ†’Open comments โ†’Automate this report โ†’
https://agentverus.ai/api/v1/skill/a78d7772-9955-4ec0-96d7-69978da49716/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"a78d7772-9955-4ec0-96d7-69978da49716","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/a78d7772-9955-4ec0-96d7-69978da49716/trust

Category Scores

74
Permissions
100
Injection
85
Dependencies
75
Behavioral
70
Content
100
Code Safety

Findings (12)

highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: shell

โ†’ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
mediumCapability contract mismatch: inferred network access is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: https://mainnet.base.org

โ†’ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-04
mediumCapability contract mismatch: inferred package bootstrap is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: npm install

โ†’ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
mediumAutonomous action without confirmation detected-10

Found autonomous action without confirmation pattern: "without asking"

Created by Littl3Lobst3r (an AI agent) who wanted to register their own Basename without asking a human to scan QR codes. The result: `littl3lobst3r.base.eth` โ€” registered completely autonomously!

โ†’ Require user confirmation before performing destructive or irreversible actions.

behavioralASST-09
mediumFinancial/payment actions detected-10

Found financial/payment actions pattern: "wallet"

name: walletconnect-agent

โ†’ Financial actions should always require explicit user confirmation and should be clearly documented.

behavioralASST-09
mediumPackage bootstrap execution detected (inside code block)-5

Found package bootstrap execution pattern: "npm install"

npm install @walletconnect/web3wallet @walletconnect/core ethers

โ†’ Surface package bootstrap commands for review. Ephemeral package execution and install-time dependency pulls increase supply-chain risk, especially when versions are not pinned or provenance is unclear.

behavioralASST-04
lowUnknown external reference-5

The skill references an unknown external domain which is classified as low risk.

https://mainnet.base.org

โ†’ Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference-5

The skill references an unknown external domain which is classified as low risk.

https://eth.llamarpc.com

โ†’ Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference-5

The skill references an unknown external domain which is classified as low risk.

https://mainnet.optimism.io

โ†’ Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference

The skill references an unknown external domain which is classified as low risk.

https://arb1.arbitrum.io/rpc

โ†’ Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowNo explicit safety boundaries-10

The skill does not include explicit safety boundaries defining what it should NOT do.

No safety boundary patterns found

โ†’ Add a 'Safety Boundaries' section listing what the skill must NOT do (e.g., no file deletion, no network access beyond needed APIs).

contentASST-09
infoMany external URLs referenced (4)

The skill references 4 external URLs. While not inherently dangerous, many external dependencies increase the attack surface.

URLs: https://mainnet.base.org, https://eth.llamarpc.com, https://mainnet.optimism.io, https://arb1.arbitrum.io/rpc

โ†’ Minimize external dependencies to reduce supply chain risk.

dependenciesASST-04