ClawHub

SushiSwap SDK

Security checks across malware telemetry and agentic risk

Overview

This appears to be legitimate SushiSwap SDK documentation, but its example can sign and broadcast real blockchain transactions using an environment private key without clear review or consent safeguards.

Review before installing. Use this only for developer-controlled SushiSwap integrations, never expose a primary wallet private key to an agent or logs, and require explicit approval after inspecting chain, token addresses, amount, recipient, router, calldata, value, slippage, fees, and expected output before any transaction is signed or broadcast.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The reference states that swap calldata must be used exactly as returned by the API, yet the example signs and sends using a locally derived account rather than clearly enforcing consistency with the API-provided transaction fields. In a transaction-generation context, this mismatch can cause failed execution, incorrect routing assumptions, or user confusion about which account the swap was quoted for, especially if integrators copy the example directly.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation instructs agents or integrators to use API-returned swap transaction data 'exactly as provided' for simulation or execution, but it does not warn that this produces executable on-chain transactions with real financial consequences. In an agent context, this omission can normalize unsafe forwarding of calldata and value-bearing transactions without explicit user confirmation, transaction preview, slippage/routing review, or destination validation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The example demonstrates submitting a real blockchain transaction with a private key from the environment but gives no warning that this will spend funds or interact with mainnet. In SDK reference material, copy-pasted examples are often used verbatim, so omitting explicit cautions increases the chance that users unintentionally broadcast live transactions, incur losses, or expose sensitive operational practices.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal