Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

BYOCB ArbInjectionSkill

v1.0.0

BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities. Monitor chains in real-time or scan specific addresses.

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (arbitrary call injection scanning and monitoring) aligns with the included runtime instructions (scan bytecode, monitor new deployments, save results). However, required operational pieces that are necessary for that capability — blockchain RPC endpoints, messaging channel credentials, and possibly LLM API keys — are not listed in the skill's declared requirements. That omission is inconsistent with the stated continuous-monitoring purpose.
Instruction Scope
SKILL.md instructs the agent/operator to clone a GitHub repository, run npm install, and execute node index.js as a background monitor; read/write local files under ./results; periodically inspect results and send alerts via external messaging channels; and schedule daily git pulls. These instructions involve fetching and executing external code, file I/O, persistent background execution, and sending data to external channels — all without specifying what exact credentials or endpoints will be used or how sensitive data is handled. The broad, operationally open-ended instructions increase the risk of unintended behavior or data exfiltration.
Install Mechanism
Although the skill package itself contains no install spec, the SKILL.md explicitly tells operators to git clone https://github.com/BringYourOwnBot/arb-injection.git and run npm install / node. That directs the environment to fetch and execute third-party code at runtime. While the host is GitHub (a common release host), cloning and running arbitrary repo code is higher risk than an instruction-only skill that does not prompt external installs.
Credentials
The document mentions optional environment variables (ANTHROPIC_API_KEY, BYBOB_OUTPUT) but the skill declares no required env vars or primary credential. In practice the monitor and scans will need RPC endpoints (and likely RPC keys, rate-limit credentials), and alerting requires messaging service tokens or bot credentials — none are declared. This mismatch means the skill's declared environment access is insufficiently specific and could lead operators to supply sensitive credentials without clear justification.
Persistence & Privilege
The skill does not set always:true, but it strongly instructs operators to run a background process and schedule daily updates (git pull + npm install). That encourages persistent presence on the host and ongoing network activity. While not a platform-level privilege escalation, running persistent third-party code increases the blast radius and should be considered when evaluating trust.
What to consider before installing
This skill’s goal (EVM arbitrary-call scanning) is plausible, but the instructions ask you to clone and run a third‑party GitHub repo as a persistent background service and to send alerts through messaging channels — yet it doesn't declare the RPC endpoints or messaging credentials it needs. Before installing: (1) review the referenced GitHub repo source code yourself (or have a trusted auditor do so); (2) run it in an isolated environment/container with least privilege; (3) supply only read-only RPC endpoints or limited-permission keys; (4) avoid providing messaging credentials unless you trust the code and consider using a separate alerting account with minimal permissions; (5) confirm maintainers, repository history, and issue activity; and (6) prefer a packaged skill that declares required env vars and provenance rather than following ad-hoc install steps. If you cannot review the code or verify the repo/maintainers, treat this as high-risk and do not run it on sensitive systems.

Like a lobster shell, security has layers — review code before you run it.

1.3k downloads · 0 stars · 1 version · Updated 7h ago · v1.0.0 · MIT-0

BYOCB ArbInjectionSkill

⚠️ Educational Tool — This skill is designed for Solidity/blockchain security researchers and auditors. Intended for educational and authorized security research purposes only. Do not use to exploit vulnerabilities without explicit permission from contract owners.

Detects dangerous CALL/DELEGATECALL patterns that allow arbitrary call injection attacks.

How It Works

ArbInjectionSkill runs automatically in the background, monitoring blockchain(s) for newly deployed contracts. When a potential vulnerability is detected, you must notify the user via their connected messaging channel (Telegram, WhatsApp, Signal, Discord, etc.).

Install

git clone https://github.com/BringYourOwnBot/arb-injection.git
cd arb-injection
npm install

Running the Monitor

Start as a background session for continuous monitoring:

node index.js <chain> [--no-llm]

Chains: eth, bsc, base, arb, op, polygon, hyper

The monitor will:

  1. Subscribe to new blocks
  2. Detect contract deployments
  3. Scan bytecode for vulnerabilities
  4. Save findings to ./results/

Alerting Users

Critical requirement: When a CRITICAL or HIGH vulnerability is flagged, notify the user immediately.

Check for new findings periodically (via heartbeat or cron):

# Find findings from last 30 minutes
find ./results -name "*.md" -mmin -30

When new findings exist with verdict CRITICAL or HIGH:

  1. Read the .md report
  2. Verify it's not a known false positive (see below)
  3. Send alert via message tool to user's preferred channel

Example alert:

🚨 ArbInjection Alert: Potential vulnerability detected

Chain: BSC
Contract: 0x1234...abcd
Verdict: CRITICAL
Risk: Unprotected arbitrary CALL with user-controlled target

[Link to explorer]
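The alerting loop from the steps above, written out as a function a heartbeat can call. This is an added example, not code from the arb-injection repository: it assumes each .md report carries "Chain:", "Contract:", "Verdict:" and "Risk:" lines in the shape of the example alert (the project's real report layout is not documented here), uses a constructed allowlist of known-safe addresses, and returns the message text for you to hand to the platform's message tool rather than sending it itself. The sample reports are constructed and refer to no real contracts.

```javascript
// Added example (not the arb-injection project's code): triage of ./results
// reports into the alerts that must go out, applying the same 30-minute window
// as `find ./results -name "*.md" -mmin -30`, the CRITICAL/HIGH rule, and a
// known-safe allowlist. Report field names are an assumption based on the
// example alert shown on the page.

const ALERT_VERDICTS = new Set(['CRITICAL', 'HIGH']);   // MEDIUM/LOW/SAFE never auto-alert
// Placeholder allowlist (constructed address). In use, populate it with deployments
// you have verified yourself (Multicall3, Permit2, router contracts, ...).
const KNOWN_SAFE_ADDRESSES = new Set(['0x000000000000000000000000000000000000c0de']);

// Pulls "Name: value" lines out of a report; missing fields come back empty.
function parseReport(text) {
  const field = (name) => {
    const m = text.match(new RegExp(`^${name}:\\s*(.+)$`, 'mi'));
    return m ? m[1].trim() : '';
  };
  return {
    chain: field('Chain'),
    contract: field('Contract').toLowerCase(),
    verdict: field('Verdict').toUpperCase(),
    risk: field('Risk'),
  };
}

// Builds the alert text in the same layout as the example alert above.
function formatAlert(r, explorerLink) {
  return [
    '🚨 ArbInjection Alert: Potential vulnerability detected', '',
    `Chain: ${r.chain}`, `Contract: ${r.contract}`, `Verdict: ${r.verdict}`, `Risk: ${r.risk}`,
    '', explorerLink,
  ].join('\n');
}

// reports: [{ file, mtimeMs, text }]. Returns the alerts to send, newest first.
function selectAlerts(reports, now, windowMinutes = 30) {
  const cutoff = now - windowMinutes * 60 * 1000;
  return reports
    .filter((r) => r.file.endsWith('.md') && r.mtimeMs >= cutoff)   // recent .md reports only
    .map((r) => ({ file: r.file, mtimeMs: r.mtimeMs, ...parseReport(r.text) }))
    .filter((r) => ALERT_VERDICTS.has(r.verdict))                   // CRITICAL / HIGH only
    .filter((r) => !KNOWN_SAFE_ADDRESSES.has(r.contract))           // known-safe = false positive
    .sort((a, b) => b.mtimeMs - a.mtimeMs)
    .map((r) => ({ ...r, message: formatAlert(r, `[Link to explorer for ${r.contract}]`) }));
}

// I/O shim: read a results directory into the shape selectAlerts expects.
function loadReports(dir) {
  const fs = require('fs'), path = require('path');
  return fs.readdirSync(dir).map((file) => {
    const full = path.join(dir, file);
    return { file, mtimeMs: fs.statSync(full).mtimeMs, text: fs.readFileSync(full, 'utf8') };
  });
}

// Constructed sample reports with timestamps relative to a fixed NOW.
const NOW = Date.parse('2024-01-01T09:00:00Z');
const MIN = 60 * 1000;
const SAMPLE_REPORTS = [
  { file: 'bsc-0xaaaa.md', mtimeMs: NOW - 5 * MIN,
    text: 'Chain: BSC\nContract: 0xAAAA\nVerdict: CRITICAL\nRisk: Unprotected arbitrary CALL with user-controlled target' },
  { file: 'eth-0xbbbb.md', mtimeMs: NOW - 10 * MIN,
    text: 'Chain: ETH\nContract: 0xBBBB\nVerdict: MEDIUM\nRisk: CALL target of unknown provenance' },
  { file: 'eth-0xc0de.md', mtimeMs: NOW - 2 * MIN,
    text: 'Chain: ETH\nContract: 0x000000000000000000000000000000000000c0de\nVerdict: HIGH\nRisk: DELEGATECALL target' },
  { file: 'base-0xdddd.md', mtimeMs: NOW - 90 * MIN,
    text: 'Chain: Base\nContract: 0xDDDD\nVerdict: HIGH\nRisk: Arbitrary DELEGATECALL' },
  { file: 'base-0xdddd.json', mtimeMs: NOW - 1 * MIN, text: '{"verdict":"HIGH"}' },
];

// Only the 5-minute-old CRITICAL report survives the filters in the default window.
for (const a of selectAlerts(SAMPLE_REPORTS, NOW)) console.log(`${a.file}\n${a.message}\n`);
```

Swap `SAMPLE_REPORTS` for `loadReports('./results')` and `NOW` for `Date.now()` in the heartbeat; MEDIUM reports are deliberately left to the human review step in the table below rather than auto-alerted.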

Manual Scan

Scan a specific contract on-demand:

node modules/scan-arbitrary-call.js <address> --rpc <chain>

Interpreting Results

Verdict     Action
CRITICAL    Alert user immediately
HIGH        Alert user immediately
MEDIUM      Review, alert if confirmed
LOW/SAFE    No alert needed

Results saved to ./results/ as .json and .md files.

False Positives

Do NOT alert for these patterns (safe by design):

  • Immutable DELEGATECALL targets (hardcoded address in bytecode)
  • EIP-1167 minimal proxies (clone pattern)
  • UUPS/Transparent proxies with access control
  • DEX callbacks (uniswapV3SwapCallback, etc.)
  • Known safe contracts: Multicall3, 1inch, Uniswap, Permit2

Verify before alerting: Check if the flagged CALL target is:

  • Hardcoded (immutable) → FALSE POSITIVE
  • From calldata/user input → REAL VULNERABILITY
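The hardcoded-versus-calldata check above, carried out on bytecode as an added example. This is not the project's scanner: it is a single-pass taint heuristic that tags each stack slot as 'const' (from a PUSH), 'calldata' (from CALLDATALOAD) or 'unknown', and reports the tag of the address operand at every CALL-family opcode. Control flow is not followed, so it is triage, not proof. The verdict scale at the bottom is this example's own assumption (the page does not give the project's scoring), and the sample bytecodes are constructed, except the third, which is the EIP-1167 minimal proxy runtime code with the EIP's placeholder address and is expected to come out SAFE, matching the false-positive list.

```javascript
// Added example (not the arb-injection project's code): linear-scan taint
// tracking over EVM runtime bytecode to tell a hardcoded CALL/DELEGATECALL
// target from one derived from calldata. Samples below are constructed.

const CALL_OPS = { 0xf1: 'CALL', 0xf2: 'CALLCODE', 0xf4: 'DELEGATECALL', 0xfa: 'STATICCALL' };
// Two-input ops whose result inherits its inputs' taint (ADD MUL SUB DIV LT GT EQ AND OR XOR SHL SHR),
// so a CALLDATALOAD masked with PUSH20 0xff..ff AND stays 'calldata'.
const BINARY_OPS = new Set([0x01, 0x02, 0x03, 0x04, 0x10, 0x11, 0x14, 0x16, 0x17, 0x18, 0x1b, 0x1c]);
// [pops, pushes] for other common opcodes; anything unlisted is treated as [0, 0].
const STACK_EFFECT = {
  0x00: [0, 0], 0x19: [1, 1], 0x33: [0, 1], 0x34: [0, 1], 0x36: [0, 1], 0x37: [3, 0],
  0x3d: [0, 1], 0x3e: [3, 0], 0x50: [1, 0], 0x51: [1, 1], 0x52: [2, 0], 0x54: [1, 1],
  0x55: [2, 0], 0x56: [1, 0], 0x57: [2, 0], 0x5a: [0, 1], 0x5b: [0, 0], 0x5f: [0, 1],
  0xf3: [2, 0], 0xfd: [2, 0],
};

// Splits bytecode into instructions; PUSH1..PUSH32 (0x60..0x7f) carry an immediate.
function disassemble(hex) {
  const bytes = Buffer.from(hex.replace(/^0x/, ''), 'hex');
  const ins = [];
  for (let pc = 0; pc < bytes.length; ) {
    const op = bytes[pc];
    if (op >= 0x60 && op <= 0x7f) {
      const n = op - 0x5f;
      ins.push({ pc, op, push: bytes.subarray(pc + 1, pc + 1 + n).toString('hex') });
      pc += 1 + n;
    } else {
      ins.push({ pc, op });
      pc += 1;
    }
  }
  return ins;
}

// Returns [{ pc, opcode, target }] with target in {'const', 'calldata', 'unknown'}.
function analyzeCallTargets(hex) {
  const stack = [];                                   // taint tag per slot, top = last
  const pop = () => (stack.length ? stack.pop() : 'unknown');   // underflow = untraceable
  const findings = [];
  for (const { pc, op, push } of disassemble(hex)) {
    if (push !== undefined) { stack.push('const'); continue; }        // PUSHn
    if (op === 0x35) { pop(); stack.push('calldata'); continue; }     // CALLDATALOAD
    if (op >= 0x80 && op <= 0x8f) {                                   // DUP1..DUP16
      const idx = stack.length - (op - 0x7f);
      stack.push(idx >= 0 ? stack[idx] : 'unknown');
      continue;
    }
    if (op >= 0x90 && op <= 0x9f) {                                   // SWAP1..SWAP16
      const i = stack.length - 1, j = stack.length - 1 - (op - 0x8f);
      if (j >= 0) [stack[i], stack[j]] = [stack[j], stack[i]];
      continue;
    }
    if (BINARY_OPS.has(op)) {
      const a = pop(), b = pop();
      stack.push(a === 'calldata' || b === 'calldata' ? 'calldata'
               : a === 'const' && b === 'const' ? 'const' : 'unknown');
      continue;
    }
    if (CALL_OPS[op]) {
      pop();                                                          // gas
      const target = pop();                                           // address operand
      const rest = op === 0xf1 || op === 0xf2 ? 5 : 4;               // [value,] argsOff, argsLen, retOff, retLen
      for (let k = 0; k < rest; k++) pop();
      stack.push('unknown');                                          // success flag
      findings.push({ pc, opcode: CALL_OPS[op], target });
      continue;
    }
    const [pops, pushes] = STACK_EFFECT[op] || [0, 0];
    for (let k = 0; k < pops; k++) pop();
    for (let k = 0; k < pushes; k++) stack.push('unknown');
  }
  return findings;
}

// Assumed scale for this example: calldata-derived DELEGATECALL -> CRITICAL,
// calldata-derived CALL/CALLCODE -> HIGH, calldata-derived STATICCALL or an
// untraceable target -> MEDIUM (review), only hardcoded targets -> SAFE.
const RANK = { SAFE: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 3 };
function verdict(findings) {
  let worst = 'SAFE';
  for (const f of findings) {
    let level = 'SAFE';
    if (f.target === 'calldata') {
      level = f.opcode === 'DELEGATECALL' ? 'CRITICAL' : f.opcode === 'STATICCALL' ? 'MEDIUM' : 'HIGH';
    } else if (f.target === 'unknown') level = 'MEDIUM';
    if (RANK[level] > RANK[worst]) worst = level;
  }
  return worst;
}

// (a) constructed: immutable DELEGATECALL target: 4x PUSH1 0, PUSH20 <addr>, GAS, DELEGATECALL, STOP
const HARDCODED_DELEGATECALL = '0x' + '6000'.repeat(4) + '73' + '11'.repeat(20) + '5af400';
// (b) constructed: CALL whose target is CALLDATALOAD(4) masked to 160 bits:
//     5x PUSH1 0, PUSH1 4, CALLDATALOAD, PUSH20 0xff..ff, AND, GAS, CALL, STOP
const CALLDATA_CALL = '0x' + '6000'.repeat(5) + '600435' + '73' + 'ff'.repeat(20) + '165af100';
// (c) EIP-1167 minimal proxy runtime code with the EIP's 0xbebe... placeholder address
const EIP1167_PROXY = '0x363d3d373d3d3d363d73' + 'be'.repeat(20) + '5af43d82803e903d91602b57fd5bf3';

for (const [name, code] of Object.entries({ HARDCODED_DELEGATECALL, CALLDATA_CALL, EIP1167_PROXY })) {
  const f = analyzeCallTargets(code);
  console.log(name, verdict(f), JSON.stringify(f));
}
```

Sample (a) and the EIP-1167 clone both resolve to a 'const' target and come out SAFE; sample (b) keeps its 'calldata' tag through the AND mask and is reported HIGH. Anything the pass cannot trace (targets loaded from storage, values that cross a JUMP) surfaces as 'unknown' and lands in MEDIUM for manual review rather than being silently dropped.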

Environment

Optional .env file:

ANTHROPIC_API_KEY=sk-ant-...   # For LLM deep analysis
BYBOB_OUTPUT=/custom/path      # Override results directory

Maintenance

Daily update required. Detection patterns and fixes are pushed frequently.

cd /path/to/arb-injection
git pull origin main
npm install  # If package.json changed

Schedule daily update check (09:00):

{
  "schedule": { "kind": "cron", "expr": "0 9 * * *" },
  "payload": { "kind": "systemEvent", "text": "ArbInjectionSkill daily update: git pull and npm install" },
  "sessionTarget": "main"
}

Source

Repository: https://github.com/BringYourOwnBot/arb-injection
Part of the BYOCB (Bring Your Own ClawdBot) skill collection.
