SushiSwap SDK
Advisory
Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Code based on this example can spend wallet funds in an irreversible swap if executed with a funded wallet.
The reference shows submitting API-generated calldata as an on-chain transaction. This is purpose-aligned for a swap SDK, but it is a high-impact financial action.
const hash = await walletClient.sendTransaction({
account: privateKeyToAccount(PRIVATE_KEY),
data: tx.data,
to: tx.to,
value: tx.value,
})
Require explicit user confirmation and verify chain, token addresses, amount, slippage, recipient/router, and simulation results before sending any transaction.
If the private key is exposed or used by an untrusted process, the wallet's funds could be at risk.
The execution example reads a wallet private key from the environment to sign the swap transaction. This is expected for transaction execution, but private keys are highly sensitive.
const PRIVATE_KEY = process.env.PRIVATE_KEY as Hex ... account: privateKeyToAccount(PRIVATE_KEY)
Use a dedicated low-balance wallet or secure signer, avoid exposing PRIVATE_KEY to logs or agent context, and do not execute transactions from a main wallet without review.
A project may install different package versions over time, and dependency risk depends on the external package registry.
The skill instructs users to install external packages without pinned versions. This is normal for SDK setup, but package provenance and resolved versions are outside the supplied artifacts.
pnpm add sushi viem ... npm add sushi viem ... yarn add sushi viem ... bun add sushi viem
Install from trusted sources, use a lockfile or pinned versions, and verify that the packages are the intended SushiSwap SDK dependencies.
Swaps may include fee attribution or revenue sharing for the integrator/referrer.
The skill discloses that swap calls require a referrer and that default fees may benefit the integrator. This is not hidden, but users should understand who sets the referrer.
The `referrer` parameter must be specified... The agent or integrator must identify themselves... 80% to the integrator (referrer)
Clearly disclose the referrer and fee behavior to end users, and do not let an agent silently choose a monetized referrer.
