SushiSwap API

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only SushiSwap API skill that clearly discloses quote, pricing, and transaction-data generation, with no hidden execution, credential access, persistence, or destructive behavior found.

Safe to install as an API reference skill, but treat generated swap transactions as financial actions. Before signing anything in a wallet, verify the chain, token addresses, amount, recipient, slippage, fee and fee receiver, referrer, target contract, and transaction value; pin integrations to the production Sushi API server rather than the SwaggerHub mock server.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium (87% confidence)
Finding
The skill explicitly supports generating executable swap transaction data and directing agents to use swap endpoints, but it does not require user confirmation, risk disclosure, or clear boundaries between quoting and transaction-producing actions. In an agent setting, this can lead to users unintentionally authorizing financially consequential blockchain actions or being presented with ready-to-broadcast transaction payloads without sufficient warning.

Vague Triggers

Low (82% confidence)
Finding
The OpenAPI spec advertises both the production API and a public SwaggerHub mock server without clarifying that the mock endpoint is not for production use. In agent or tool integrations that auto-select from the `servers` list, this can cause requests to be sent to a mock environment, leading to incorrect quotes, fake transaction payloads, or unsafe operational assumptions in a financial workflow.

VirusTotal

60/60 vendors flagged this skill as clean.
