v1.0.0

DEX Swap & Broadcast

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:53 AM.

Analysis

This skill is not overtly malicious, but it should be reviewed carefully because it asks for wallet/API credentials and can broadcast irreversible token swap transactions.

Guidance: Install or use this only if you intentionally want an agent-assisted on-chain swap executor. Treat every generated transaction as irreversible: verify the destination, token contracts, amount, slippage, approvals, and fees before signing, and avoid giving the agent raw private keys whenever external signing is possible.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
"FULL lifecycle: /swap endpoint (get tx data) + /broadcast-transaction endpoint (submit signed tx)" and "Token approval handling (ERC-20 approve)"

The skill is explicitly designed to create, sign, and broadcast on-chain swap transactions and handle token approvals. These are irreversible financial actions and can grant token-spending rights.

User impact: A mistaken, unauthorized, or poorly reviewed invocation could swap funds, pay fees, or approve a spender on-chain.
Recommendation: Use only with explicit per-transaction user confirmation. Verify token addresses, recipient, amount, slippage, spender/approval amount, chain, calldata, and gas before signing or broadcasting.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
"Source: unknown"; "Homepage: none"; "No install spec — this is an instruction-only skill"; "1 code file(s): scripts/easy_swap.py"

The artifacts include a financial API client but provide no clear source/homepage provenance or install contract. This is not malicious by itself, but users should inspect provenance before trusting it with signing or API credentials.

User impact: It may be harder to verify whether the bundled code matches an official or trusted implementation.
Recommendation: Review the included script and compare its behavior against the official OKX DEX documentation before using it with real funds.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
"required_context: [api_key, secret_key, passphrase, user_wallet_address, private_key_or_signer]"

The skill requests OKX API secrets and wallet signing authority. The registry metadata declares no primary credential or required env vars, so the sensitive privilege requirement is under-disclosed at install time.

User impact: If mishandled, these credentials or signing capabilities could enable account access or movement of wallet funds.
Recommendation: Do not paste raw private keys into an agent workflow. Prefer hardware-wallet or external signing, use least-privilege/revocable API keys, and keep execution disabled unless you intend to trade.