Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

BYOCB ArbInjectionSkill

v1.0.0

BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities. Monitor chains in real-time or scan specific addresses.

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The description (scan/monitor EVM contracts) is consistent with the runtime instructions. However, the skill metadata declares no required binaries or install steps while the SKILL.md explicitly requires git, node, and npm and a GitHub repository. The missing declaration of those runtime requirements is an incoherence.
Instruction Scope
The instructions tell the agent to git clone a repository, npm install, run node index.js as a background monitor, read and write ./results/, periodically check results, and notify users via messaging channels. Those steps involve network downloads, code execution, filesystem writes, and external notifications — all beyond what the metadata describes and granting substantial runtime discretion.
Install Mechanism
Although the registry lists no install spec, SKILL.md instructs cloning https://github.com/BringYourOwnBot/arb-injection.git and running npm install. That directs the agent to fetch and execute third-party code, which is higher risk and should have been declared or curated; npm install in particular runs any lifecycle scripts (preinstall/postinstall) that the package or its dependencies declare. An explicit install flow in SKILL.md with no install manifest in the registry is inconsistent.
Credentials
The metadata declares no required env vars or credentials, but SKILL.md references an optional ANTHROPIC_API_KEY and suggests notifying users over channels (Telegram/WhatsApp/Signal/Discord) without specifying required tokens. This mismatch leaves unclear what secrets the skill needs and how they will be used — and the instructions ask the agent to access and possibly transmit findings externally.
Persistence & Privilege
The skill metadata does not set always:true or other persistence flags, yet the instructions assume continuous background monitoring, cron/heartbeat checks, and a daily auto-update git pull/npm install. That indicates intended persistent behavior not reflected in the registry privileges, increasing risk if the agent were to autonomously implement persistence.
What to consider before installing
This skill looks like a legitimate EVM-scanning tool, but the SKILL.md asks you to clone and run third‑party Node code and to notify external messaging channels while the registry metadata declares no installs, binaries, or credentials. Before installing or running it: (1) review the GitHub repository and package.json for malicious postinstall scripts or unexpected network calls; (2) run the code in an isolated environment (VM/container) and inspect index.js and any modules that send network requests; (3) do not provide messaging API tokens or other secrets until you verify how alerts are delivered; (4) prefer running scans manually or under your own monitored service rather than allowing silent background/auto-update behavior; (5) ask the publisher to update registry metadata to list required binaries (git, node, npm), required env vars, and an install spec or provide a vetted package/release. If you cannot audit the repository, treat this skill as high-risk and avoid granting it persistent or credentialed access.

Like a lobster shell, security has layers — review code before you run it.

Tags: blockchain, evm, latest, security, solidity, vulnerability-scanner
1.3k downloads
0 stars
2 versions
Updated 5h ago
v1.0.0
MIT-0

BYOCB ArbInjectionSkill

⚠️ Educational Tool — This skill is designed for Solidity/blockchain security researchers and auditors. Intended for educational and authorized security research purposes only. Do not use to exploit vulnerabilities without explicit permission from contract owners.

Detects dangerous CALL/DELEGATECALL patterns that allow arbitrary call injection attacks.

How It Works

ArbInjectionSkill runs automatically in the background, monitoring blockchain(s) for newly deployed contracts. When a potential vulnerability is detected, you must notify the user via their connected messaging channel (Telegram, WhatsApp, Signal, Discord, etc.).

Install

git clone https://github.com/BringYourOwnBot/arb-injection.git
cd arb-injection
npm install

Running the Monitor

Start as a background session for continuous monitoring:

node index.js <chain> [--no-llm]

Chains: eth, bsc, base, arb, op, polygon, hyper

The monitor will:

  1. Subscribe to new blocks
  2. Detect contract deployments
  3. Scan bytecode for vulnerabilities
  4. Save findings to ./results/

Alerting Users

Critical requirement: When a CRITICAL or HIGH vulnerability is flagged, notify the user immediately.

Check for new findings periodically (via heartbeat or cron):

# Find findings from last 30 minutes
find ./results -name "*.md" -mmin -30

When new findings exist with verdict CRITICAL or HIGH:

  1. Read the .md report
  2. Verify it's not a known false positive (see below)
  3. Send alert via message tool to user's preferred channel

Example alert:

🚨 ArbInjection Alert: Potential vulnerability detected

Chain: BSC
Contract: 0x1234...abcd
Verdict: CRITICAL
Risk: Unprotected arbitrary CALL with user-controlled target

[Link to explorer]

Manual Scan

Scan a specific contract on-demand:

node modules/scan-arbitrary-call.js <address> --rpc <chain>

Interpreting Results

Verdict     Action
CRITICAL    Alert user immediately
HIGH        Alert user immediately
MEDIUM      Review, alert if confirmed
LOW/SAFE    No alert needed

Results saved to ./results/ as .json and .md files.

False Positives

Do NOT alert for these patterns (safe by design):

  • Immutable DELEGATECALL targets (hardcoded address in bytecode)
  • EIP-1167 minimal proxies (clone pattern)
  • UUPS/Transparent proxies with access control
  • DEX callbacks (uniswapV3SwapCallback, etc.)
  • Known safe contracts: Multicall3, 1inch, Uniswap, Permit2

Verify before alerting: Check if the flagged CALL target is:

  • Hardcoded (immutable) → FALSE POSITIVE
  • From calldata/user input → REAL VULNERABILITY
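The hardcoded-versus-calldata distinction above (and the "scan bytecode for vulnerabilities" step of the monitor) comes down to answering one question for every CALL-family opcode: where did the target address on the stack come from? The following is an added example of that check written as a small stack-taint pass over raw EVM bytecode; it is not the arb-injection project's scanner, and its severity policy, the `scanBytecode`/`overallVerdict` names and the four hand-assembled bytecode samples are this example's own. It models straight-line execution only and does not model access control, so a CALLER check guarding the call is invisible to it.

```javascript
'use strict';
// Added example, not the arb-injection project's scanner: a linear stack-taint pass over EVM
// bytecode that classifies the target-address operand of each CALL-family opcode by provenance.
// Straight-line only (JUMP/JUMPI just pop their operands); access control is not modelled.

// [name, pops, pushes] for the opcodes modelled here; PUSH/DUP/SWAP/LOG are handled by range.
const OPS = {
  0x00: ['STOP', 0, 0], 0x01: ['ADD', 2, 1], 0x02: ['MUL', 2, 1], 0x03: ['SUB', 2, 1], 0x04: ['DIV', 2, 1],
  0x05: ['SDIV', 2, 1], 0x06: ['MOD', 2, 1], 0x07: ['SMOD', 2, 1], 0x08: ['ADDMOD', 3, 1], 0x09: ['MULMOD', 3, 1],
  0x0a: ['EXP', 2, 1], 0x0b: ['SIGNEXTEND', 2, 1], 0x10: ['LT', 2, 1], 0x11: ['GT', 2, 1], 0x12: ['SLT', 2, 1],
  0x13: ['SGT', 2, 1], 0x14: ['EQ', 2, 1], 0x15: ['ISZERO', 1, 1], 0x16: ['AND', 2, 1], 0x17: ['OR', 2, 1],
  0x18: ['XOR', 2, 1], 0x19: ['NOT', 1, 1], 0x1a: ['BYTE', 2, 1], 0x1b: ['SHL', 2, 1], 0x1c: ['SHR', 2, 1],
  0x1d: ['SAR', 2, 1], 0x20: ['SHA3', 2, 1], 0x30: ['ADDRESS', 0, 1], 0x31: ['BALANCE', 1, 1], 0x32: ['ORIGIN', 0, 1],
  0x33: ['CALLER', 0, 1], 0x34: ['CALLVALUE', 0, 1], 0x35: ['CALLDATALOAD', 1, 1], 0x36: ['CALLDATASIZE', 0, 1],
  0x37: ['CALLDATACOPY', 3, 0], 0x38: ['CODESIZE', 0, 1], 0x39: ['CODECOPY', 3, 0], 0x3a: ['GASPRICE', 0, 1],
  0x3b: ['EXTCODESIZE', 1, 1], 0x3c: ['EXTCODECOPY', 4, 0], 0x3d: ['RETURNDATASIZE', 0, 1], 0x3e: ['RETURNDATACOPY', 3, 0],
  0x3f: ['EXTCODEHASH', 1, 1], 0x40: ['BLOCKHASH', 1, 1], 0x41: ['COINBASE', 0, 1], 0x42: ['TIMESTAMP', 0, 1],
  0x43: ['NUMBER', 0, 1], 0x44: ['PREVRANDAO', 0, 1], 0x45: ['GASLIMIT', 0, 1], 0x46: ['CHAINID', 0, 1],
  0x47: ['SELFBALANCE', 0, 1], 0x48: ['BASEFEE', 0, 1], 0x50: ['POP', 1, 0], 0x51: ['MLOAD', 1, 1], 0x52: ['MSTORE', 2, 0],
  0x53: ['MSTORE8', 2, 0], 0x54: ['SLOAD', 1, 1], 0x55: ['SSTORE', 2, 0], 0x56: ['JUMP', 1, 0], 0x57: ['JUMPI', 2, 0],
  0x58: ['PC', 0, 1], 0x59: ['MSIZE', 0, 1], 0x5a: ['GAS', 0, 1], 0x5b: ['JUMPDEST', 0, 0], 0x5c: ['TLOAD', 1, 1],
  0x5d: ['TSTORE', 2, 0], 0x5e: ['MCOPY', 3, 0], 0xf0: ['CREATE', 3, 1], 0xf1: ['CALL', 7, 1], 0xf2: ['CALLCODE', 7, 1],
  0xf3: ['RETURN', 2, 0], 0xf4: ['DELEGATECALL', 6, 1], 0xf5: ['CREATE2', 4, 1], 0xfa: ['STATICCALL', 6, 1],
  0xfd: ['REVERT', 2, 0], 0xfe: ['INVALID', 0, 0], 0xff: ['SELFDESTRUCT', 1, 0],
};
const CALL_OPS = new Set(['CALL', 'CALLCODE', 'DELEGATECALL', 'STATICCALL']);
// Provenance lattice for stack slots: when values are combined (AND, ADD, SHA3...), the highest rank wins.
const RANK = { const: 0, env: 1, storage: 2, memory: 3, unknown: 3, calldata: 4 };
const merge = (inputs) => inputs.reduce((a, b) => (RANK[b] > RANK[a] ? b : a), 'const');

// Severity policy of this example only; it follows the verdict table on this page.
function verdictFor(opName, origin) {
  if (origin === 'calldata') return opName === 'STATICCALL' ? 'LOW' : 'CRITICAL'; // user-controlled target
  if (origin === 'const' || origin === 'env') return 'SAFE';                        // hardcoded/immutable target
  return 'MEDIUM';                                                                  // storage or memory: review
}

function scanBytecode(hex) {
  const code = Buffer.from(hex.replace(/^0x/i, ''), 'hex');
  let stack = [];           // provenance tag per slot, top of stack last
  let memTainted = false;   // set once CALLDATACOPY has written calldata into memory
  const findings = [];
  const pop = (n) => Array.from({ length: n }, () => stack.pop() ?? 'unknown');
  for (let pc = 0; pc < code.length; ) {
    const op = code[pc];
    let next = pc + 1;
    if (op >= 0x5f && op <= 0x7f) {                 // PUSH0..PUSH32: immediate constant
      next += op - 0x5f;
      stack.push('const');
    } else if (op >= 0x80 && op <= 0x8f) {          // DUP1..DUP16
      stack.push(stack[stack.length - (op - 0x7f)] ?? 'unknown');
    } else if (op >= 0x90 && op <= 0x9f) {          // SWAP1..SWAP16
      const i = stack.length - 1, j = i - (op - 0x8f);
      if (j >= 0) [stack[i], stack[j]] = [stack[j], stack[i]];
    } else if (op >= 0xa0 && op <= 0xa4) {          // LOG0..LOG4
      pop(2 + op - 0xa0);
    } else if (OPS[op]) {
      const [name, pops, pushes] = OPS[op];
      if (CALL_OPS.has(name)) {                     // target address sits just below gas on the stack
        const origin = stack[stack.length - 2] ?? 'unknown';
        findings.push({ pc, op: name, origin, verdict: verdictFor(name, origin) });
      }
      if (name === 'CALLDATACOPY') memTainted = true;
      const inputs = pop(pops);
      if (pushes) {
        let out;
        if (name === 'CALLDATALOAD') out = 'calldata';
        else if (name === 'SLOAD' || name === 'TLOAD') out = 'storage';
        else if (name === 'MLOAD') out = memTainted ? 'calldata' : 'memory';
        else if (CALL_OPS.has(name) || name.startsWith('CREATE')) out = 'unknown';
        else if (pops === 0) out = 'env';           // CALLER, ADDRESS, GAS, ...
        else out = merge(inputs);                   // arithmetic/bitwise/hashing propagate taint
        stack.push(out);
      }
    } else {
      stack = [];                                   // unmodelled opcode: discard state rather than guess
    }
    pc = next;
  }
  return findings;
}

// Worst verdict over all call sites, in the order the page's verdict table uses.
const ORDER = ['SAFE', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL'];
const overallVerdict = (findings) =>
  findings.reduce((worst, f) => (ORDER.indexOf(f.verdict) > ORDER.indexOf(worst) ? f.verdict : worst), 'SAFE');

// Hand-assembled sample bytecode constructed for this example (not real deployed contracts).
const SAMPLES = {
  // CALL whose target is CALLDATALOAD(4) masked to 160 bits: the arbitrary-call-injection shape
  arbitraryCall: '0x60006000600060006000600435' + '73' + 'ff'.repeat(20) + '165af15000',
  // DELEGATECALL to a PUSH20 constant: immutable target, the false-positive case on this page
  immutableDelegate: '0x6000600060006000' + '73' + '11'.repeat(20) + '5af45000',
  // DELEGATECALL to SLOAD(0): upgradeable-proxy shape, safe only if the setter is access-controlled
  storageDelegate: '0x6000600060006000' + '600054' + '5af45000',
  // CALLDATACOPY into memory, then MLOAD as the CALL target: calldata reaching the target via memory
  viaMemory: '0x602060046000' + '37' + '60006000600060006000' + '600051' + '5af15000',
};

for (const [label, hex] of Object.entries(SAMPLES)) {
  const findings = scanBytecode(hex);
  console.log(label.padEnd(18), overallVerdict(findings).padEnd(9), JSON.stringify(findings));
}
```

The four samples exercise the page's decision rule: a PUSH20 target is SAFE, a CALLDATALOAD target (even after the usual 160-bit AND mask) is CRITICAL, and calldata that reaches the target through CALLDATACOPY/MLOAD is still CRITICAL. A target read with SLOAD is deliberately left at MEDIUM, because whether a proxy is safe depends on who can write that slot, which is the "UUPS/Transparent proxies with access control" case the page says to review rather than alert on.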

Environment

Optional .env file:

ANTHROPIC_API_KEY=sk-ant-...   # For LLM deep analysis
BYBOB_OUTPUT=/custom/path      # Override results directory

Maintenance

Daily update required. Detection patterns and fixes are pushed frequently.

cd /path/to/arb-injection
git pull origin main
npm install  # If package.json changed

Schedule daily update check (09:00):

{
  "schedule": { "kind": "cron", "expr": "0 9 * * *" },
  "payload": { "kind": "systemEvent", "text": "ArbInjectionSkill daily update: git pull and npm install" },
  "sessionTarget": "main"
}

Source

Repository: https://github.com/BringYourOwnBot/arb-injection
Part of the BYOCB (Bring Your Own ClawdBot) skill collection.
