SushiSwap API
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (base64-block); human review is required before treating this skill as clean.
This skill appears safe to install as documentation-only, but use it cautiously for crypto transactions: verify the official SushiSwap API schema, ensure the referrer and any fee settings are expected, and never sign a generated transaction until the wallet details match your intent. ClawScan detected prompt-injection indicators (base64-block), so this skill requires review even though the model response was benign.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could be presented with calldata for a token swap; if they sign it without review, funds may move according to those parameters.
The skill can produce transaction payloads that could move crypto assets if a user later signs and submits them. This is purpose-aligned, but it is high-impact financial workflow material.
Swap endpoints return **executable transaction data** - `tx.to` - `tx.data` - `tx.value` - `tx.gas`
Show the user the chain, tokens, amount, recipient, slippage, price impact, fees, and target contract before any wallet signing or submission.
A swap request may include referrer or fee-related settings that affect costs or fee distribution.
The artifacts disclose fee/referrer behavior that can affect the economics of a swap. No hidden fee receiver is present, but fee parameters should be handled transparently.
The SushiSwap API supports customized integrator fees ... 80% to the integrator (referrer) ... 20% to SushiSwap
Do not set a nonzero fee or fee receiver unless the user or integrator explicitly requested it, and disclose the exact fee/referrer values in the response.
Users have less assurance that the bundled schema exactly matches the official SushiSwap API documentation.
The skill is instruction-only and has no installable code, but its provenance is not established in the supplied metadata.
Source: unknown; Homepage: none
Verify the OpenAPI schema and base URL against official SushiSwap sources before using this skill for production or high-value swaps.