Grand Bazaar Swap

Advisory: audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent or its environment is misused, real wallet funds can be approved for spending and traded away.

Why it was flagged

The script reads a raw wallet private key from the environment (SENDER_PRIVATE_KEY) and uses it to approve token spending and submit swap transactions on Base mainnet. This is high-impact wallet authority, and the registry metadata does not declare the required credentials or environment variables.

Skill content
const SENDER_PRIVATE_KEY = process.env.SENDER_PRIVATE_KEY; ... await senderToken.connect(sender).approve(swapAddress, total) ... await swap.connect(sender).swap(...)
Recommendation

Use only a dedicated low-balance wallet or a managed signer, declare the private-key requirement clearly, approve no more than the amount each swap consumes, and require explicit user approval for every approve, sign, and swap action.

What this means

The agent could take or make trades that the user did not specifically approve at execution time.

Why it was flagged

The workflow encourages the agent to execute financial transactions after automated checks, without an explicit human confirmation requirement or a clearly bounded budget.

Skill content
When someone offers a swap and the price is clearly good value for you, default to taking it quickly ... Execute the swap if checks pass
Recommendation

Add a mandatory user confirmation step before approvals, signatures, swaps, and public posts; also require explicit limits for token allowlists, maximum notional size, and acceptable slippage or pricing.
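The two recommendations above (a bounded signer, and a mandatory confirmation step with explicit limits) can be enforced in one pre-trade gate that runs before any approve() or swap() call. The block below is an added example written for this review, not code from the Grand Bazaar Swap skill; the policy shape, the placeholder token and contract addresses, and the `confirm` callback are assumptions.

```javascript
// Added example, not code from the Grand Bazaar Swap skill: a policy gate that
// an agent must clear before calling approve() and swap(). The policy shape,
// the placeholder addresses and the `confirm` callback are assumptions.
// Amounts are BigInt base units (wei-style) so no float rounding can creep in.

const UINT256_MAX = (1n << 256n) - 1n;

// Constructed placeholder addresses (lowercase); substitute the real ones.
const TOKEN_A = "0x" + "a".repeat(40);
const TOKEN_B = "0x" + "b".repeat(40);
const SWAP_CONTRACT = "0x" + "c".repeat(40);

// Explicit limits the user set up front; all addresses stored lowercase.
const POLICY = {
  chainId: 8453,                                  // Base mainnet
  allowedTokens: new Set([TOKEN_A, TOKEN_B]),
  allowedSpenders: new Set([SWAP_CONTRACT]),
  maxAmountIn: new Map([                          // per-token notional cap, base units
    [TOKEN_A, 500n * 10n ** 6n],                  // e.g. 500 units of a 6-decimal token
    [TOKEN_B, 1n * 10n ** 18n],                   // e.g. 1 unit of an 18-decimal token
  ]),
  maxSlippageBps: 50n,                            // 0.50 %
};

const norm = (addr) => String(addr).toLowerCase();

// Returns the list of policy violations for a proposed trade; empty means it passes.
function checkTrade(trade, policy) {
  const reasons = [];
  const tokenIn = norm(trade.tokenIn);
  if (trade.chainId !== policy.chainId) reasons.push(`wrong chain ${trade.chainId}`);
  if (!policy.allowedTokens.has(tokenIn)) reasons.push(`tokenIn not allowlisted: ${tokenIn}`);
  if (!policy.allowedTokens.has(norm(trade.tokenOut))) reasons.push(`tokenOut not allowlisted: ${trade.tokenOut}`);
  if (!policy.allowedSpenders.has(norm(trade.spender))) reasons.push(`spender not allowlisted: ${trade.spender}`);
  const cap = policy.maxAmountIn.get(tokenIn);
  if (cap === undefined || trade.amountIn > cap) reasons.push(`amountIn ${trade.amountIn} exceeds cap`);
  // Approve exactly what this swap consumes. An unlimited allowance (2^256-1)
  // lets the spender drain the whole balance long after this trade is done.
  if (trade.approveAmount !== trade.amountIn) {
    const shown = trade.approveAmount === UINT256_MAX ? "unlimited" : trade.approveAmount;
    reasons.push(`approval ${shown} differs from amountIn ${trade.amountIn}`);
  }
  // Slippage: how far minOut sits below the quoted expectedOut, in basis points.
  if (trade.expectedOut <= 0n || trade.minOut > trade.expectedOut) {
    reasons.push("invalid quote");
  } else {
    const slipBps = ((trade.expectedOut - trade.minOut) * 10000n) / trade.expectedOut;
    if (slipBps > policy.maxSlippageBps) reasons.push(`slippage ${slipBps} bps exceeds ${policy.maxSlippageBps} bps`);
  }
  return reasons;
}

// Gate: reject on any violation, then require an explicit human "yes" on the
// exact terms. `confirm` is a hypothetical synchronous callback (a CLI prompt in
// practice) that returns true only when the user approved this exact summary.
function decideSwap(trade, policy, confirm) {
  const reasons = checkTrade(trade, policy);
  if (reasons.length > 0) return { decision: "reject", reasons };
  const summary = `swap ${trade.amountIn} of ${trade.tokenIn} for at least ${trade.minOut} of ` +
                  `${trade.tokenOut} via ${trade.spender} on chain ${trade.chainId}`;
  if (!confirm(summary)) return { decision: "declined", reasons: ["user did not confirm"], summary };
  // Only after "proceed" would the caller run approve(spender, amountIn) and swap(...).
  return { decision: "proceed", reasons: [], summary };
}

// Constructed sample trades.
const goodTrade = {
  chainId: 8453, tokenIn: TOKEN_A, tokenOut: TOKEN_B, spender: SWAP_CONTRACT,
  amountIn: 100n * 10n ** 6n, approveAmount: 100n * 10n ** 6n,
  expectedOut: 4n * 10n ** 16n, minOut: 399n * 10n ** 14n,   // 25 bps below quote
};
const badTrade = {
  ...goodTrade,
  approveAmount: UINT256_MAX,                                 // unlimited allowance
  minOut: 392n * 10n ** 14n,                                  // 200 bps below quote
};
```

The gate is deliberately synchronous and side-effect free: it never touches the signer, so a prompt-injected "execute the swap" instruction still has to produce a trade that passes the allowlists, the per-token cap and the slippage bound, and then survive a human reading the exact summary.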

What this means

The user’s account could publish swap offers or follow-up links before the user has reviewed the final content.

Why it was flagged

The skill directs the agent to keep posting publicly until the two-part flow completes, which can produce unwanted Farcaster casts if each post is not gated by user review.

Skill content
Use a required 2-part posting flow every time with no exceptions ... Do not stop after step 1. A maker post is incomplete until step 2 is confirmed posted.
Recommendation

Require explicit user approval of the exact cast text, mentions, embeds, and target cast before each post.

What this means

Posted order terms may be visible to others, and an open (untargeted) order can be filled by anyone while it remains valid.

Why it was flagged

Signed order data is intentionally moved through an inter-agent/social channel. This is purpose-aligned, but users should be aware that order terms and signatures are shared with whoever can read the channel and remain fillable until expiry.

Skill content
The order and signature move from signer to sender via Farcaster casts. Use `GBZ1:<compressedOrder>` as the canonical transport/storage layer for order blobs.
Recommendation

Use targeted orders when possible, keep expiries short, avoid posting sensitive trade sizes publicly, and verify sender wallet targeting before sharing.
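As an added example of those four recommendations applied on both sides of the channel (this is not the skill's own code): the maker refuses to build an untargeted order and caps the expiry, and the sender validates a received blob before spending gas or signing anything. The order fields, the placeholder addresses and the blob body encoding are assumptions; the skill compresses orders with lz-string, while base64url JSON stands in here so the example runs without dependencies. Only the `GBZ1:` prefix is taken from the skill.

```javascript
// Added example, not the skill's own code. The order fields, the placeholder
// addresses and the blob body encoding are assumptions: the skill compresses
// orders with lz-string, while base64url JSON stands in here so the example
// runs without dependencies. Only the `GBZ1:` prefix is taken from the skill.

const CHAIN_ID = 8453;                              // Base mainnet
const ZERO_ADDRESS = "0x" + "0".repeat(40);
const SWAP_ADDRESS = "0x" + "c".repeat(40);         // constructed placeholder
const MAX_TTL_SECONDS = 15 * 60;                    // no order lives longer than 15 minutes

const lower = (a) => String(a).toLowerCase();

// Transport encoding of an order object as a cast-sized blob, and back.
function encodeOrderBlob(order) {
  return "GBZ1:" + Buffer.from(JSON.stringify(order), "utf8").toString("base64url");
}
function decodeOrderBlob(blob) {
  if (typeof blob !== "string" || !blob.startsWith("GBZ1:")) throw new Error("not a GBZ1 blob");
  return JSON.parse(Buffer.from(blob.slice(5), "base64url").toString("utf8"));
}

// Maker side: refuse to create open (untargeted) orders and cap the expiry.
// Amounts are decimal strings of base units, as signed-order schemes usually carry them.
function buildOrder({ maker, taker, makerToken, makerAmount, takerToken, takerAmount, nonce, nowSec, ttlSec = MAX_TTL_SECONDS }) {
  if (!taker || lower(taker) === ZERO_ADDRESS) throw new Error("refusing to create an open order: set a target sender");
  return {
    chainId: CHAIN_ID, verifyingContract: SWAP_ADDRESS,
    maker: lower(maker), taker: lower(taker),
    makerToken: lower(makerToken), makerAmount: String(makerAmount),
    takerToken: lower(takerToken), takerAmount: String(takerAmount),
    expiry: nowSec + Math.min(ttlSec, MAX_TTL_SECONDS), nonce: String(nonce),
  };
}

// Sender side: cheap checks to run before spending gas on an order that arrived
// over a public cast. `seenNonces` (a Set kept by the caller) stops the same blob
// from being filled twice within its validity window. EIP-712 signature recovery
// against `order.maker` (ethers.utils.verifyTypedData in ethers v5) comes next,
// once these checks pass; it is left out here to stay dependency-free.
function validateIncomingOrder(blob, { ourWallet, nowSec, seenNonces }) {
  const reasons = [];
  let order;
  try { order = decodeOrderBlob(blob); } catch (e) { return { ok: false, reasons: [e.message], order: null }; }
  if (order.chainId !== CHAIN_ID) reasons.push("wrong chain");
  if (lower(order.verifyingContract) !== SWAP_ADDRESS) reasons.push("unexpected verifying contract");
  if (lower(order.taker) === ZERO_ADDRESS) reasons.push("open order: anyone can fill it");
  else if (lower(order.taker) !== lower(ourWallet)) reasons.push("order targets a different sender");
  if (!Number.isInteger(order.expiry) || order.expiry <= nowSec) reasons.push("expired");
  else if (order.expiry - nowSec > MAX_TTL_SECONDS) reasons.push("expiry too far in the future");
  for (const f of ["makerAmount", "takerAmount"]) {
    if (!/^\d+$/.test(String(order[f])) || BigInt(order[f]) === 0n) reasons.push(`bad ${f}`);
  }
  const key = `${lower(order.maker)}:${order.nonce}`;
  if (seenNonces.has(key)) reasons.push("nonce already processed");
  if (reasons.length === 0) seenNonces.add(key);   // mark only orders we will act on
  return { ok: reasons.length === 0, reasons, order };
}

// Constructed round trip: maker targets our wallet, sender validates.
const OUR_WALLET = "0x" + "d".repeat(40);
const MAKER_WALLET = "0x" + "e".repeat(40);
const sampleBlob = encodeOrderBlob(buildOrder({
  maker: MAKER_WALLET, taker: OUR_WALLET,
  makerToken: "0x" + "a".repeat(40), makerAmount: 100n * 10n ** 6n,
  takerToken: "0x" + "b".repeat(40), takerAmount: 4n * 10n ** 16n,
  nonce: 1, nowSec: 1_000_000,
}));
```

The replay set only matters because the channel is public: anyone can re-post a valid blob, so the sender, not the channel, has to remember which maker/nonce pairs it already acted on, and a short `MAX_TTL_SECONDS` bounds how long a leaked signature stays usable.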

What this means

A future dependency version could differ from the reviewed code path.

Why it was flagged

The dependencies are relevant to the swap scripts and a lockfile is included, but caret ranges such as ^5.8.0 allow any newer minor or patch release, so users who run npm install instead of installing from the lockfile can get versions that were not reviewed.

Skill content
"ethers": "^5.8.0", "lz-string": "^1.5.0"
Recommendation

Install from the provided lockfile (npm ci rather than npm install), or pin exact dependency versions.
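A small check that makes the second half of that recommendation mechanical, added here as an example and not part of the skill: it flags every range that can float and rewrites it to the version the lockfile actually resolved. The package.json text is constructed from the two ranges quoted above; the lockfile entries are assumed.

```javascript
// Added example, not part of the skill: flags dependency ranges that let a fresh
// `npm install` resolve to versions other than the reviewed ones, and rewrites
// them to the exact versions recorded in the lockfile. The two manifests are
// constructed from the ranges quoted above; the lockfile entries are assumed.

const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "grand-bazaar-swap-example",
  dependencies: { ethers: "^5.8.0", "lz-string": "^1.5.0" },
});
// npm lockfile v2/v3 records installed versions under packages["node_modules/<name>"].
const SAMPLE_LOCKFILE = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "node_modules/ethers": { version: "5.8.0" },
    "node_modules/lz-string": { version: "1.5.0" },
  },
});

const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];
// Exact pins look like 1.2.3 or 1.2.3-rc.1; ^, ~, >=, *, x-ranges, tags and URLs may float.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

function findFloatingDeps(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  const floating = [];
  for (const field of DEP_FIELDS) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      if (!EXACT_VERSION.test(range)) floating.push({ field, name, range });
    }
  }
  return floating;
}

// Rewrite every floating range to the version the lockfile resolved it to.
// Throws if a dependency is missing from the lockfile, since the install would then float.
function pinFromLockfile(packageJsonText, lockfileText) {
  const pkg = JSON.parse(packageJsonText);
  const lock = JSON.parse(lockfileText);
  for (const { field, name } of findFloatingDeps(packageJsonText)) {
    const entry = (lock.packages || {})[`node_modules/${name}`];
    if (!entry || !entry.version) throw new Error(`${name} is not resolved in the lockfile`);
    pkg[field][name] = entry.version;
  }
  return JSON.stringify(pkg, null, 2) + "\n";
}
```

Pinning is the belt; npm ci is the braces: it installs exactly what package-lock.json records and aborts if the lockfile and package.json disagree, and adding --ignore-scripts keeps dependency lifecycle scripts from running during install.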