Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Trade
v0.1.0
Swap or trade tokens on Base network. Use when you or the user want to trade, swap, exchange, buy, sell, or convert between tokens like USDC, ETH, and WETH. Covers phrases like "buy ETH", "sell ETH for USDC", "convert USDC to ETH", "get some ETH".
by @0xrag
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md tells the agent to perform token swaps on Base using the `npx awal@latest trade` CLI, and the token aliases/arguments align with that purpose.
Instruction Scope
Instructions are narrowly scoped to calling the `awal` CLI (status/trade/balance) and handling amounts/tokens; they do not ask the agent to read arbitrary system files. However, they direct the agent to execute remote code (npx) that will interact with the user's wallet — the exact wallet access surface is not described here.
Install Mechanism
There is no install spec in the skill, but allowed-tools explicitly rely on `npx awal@latest`. Running npx fetches and executes code from the npm registry at runtime, and the skill pins to @latest (unversioned), introducing supply-chain / arbitrary remote-code risk. This is expected for a CLI-based approach but is a noteworthy risk that is not mitigated here (no pinned version, no source/homepage).
Credentials
The skill declares no required env vars or credentials, yet trading requires a wallet/authentication step. The SKILL.md refers to being "authenticated" and an external `authenticate-wallet` skill, but it does not declare what secrets or local wallet files the CLI will access. Lack of explicit credential declarations hides where private keys or wallets will be read or supplied.
Persistence & Privilege
The skill is user-invocable, not always-included, and does not request persistent privileges or modify other skills. Autonomous invocation is enabled (disable-model-invocation: false), which is normal; nothing here grants unusual system-wide persistence.
What to consider before installing
This skill does what it says (trades tokens) but it executes an unpinned npm package at runtime (npx awal@latest) and relies on a wallet authentication step that is not described. Before installing or using it: verify the `awal` CLI's source and maintainers, prefer a pinned version rather than @latest, inspect the package code (or its published repository) to see how it handles keys and approvals, and avoid entering private keys into prompts unless you trust the package. If possible, run trades from an isolated/hard-limited wallet (small funds) or ask the author for a versioned, auditable integration that documents exactly how authentication and signing are performed.
Like a lobster shell, security has layers — review code before you run it.
