ClawHub

Aidex

Security checks across malware telemetry and agentic risk

Overview

AIDEX is a disclosed Ethereum swap skill, but it gives an agent raw wallet-signing authority for irreversible swaps and approvals with limited built-in guardrails.

Review carefully before installing. Use only a dedicated trading wallet with limited funds, never a main wallet key. Require explicit confirmation for non-automatic swaps, set strict limits for any automated strategy, and review token addresses, amount, slippage, deadline, gas, approvals, and transaction hashes before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The auto-swap workflow describes unattended trading based on a vague 'target rate reached' condition without concrete guardrails such as exact predicates, max trade frequency, spending caps, cooldowns, token allowlists, or slippage/deadline safety requirements. In a financial skill that can sign transactions with a local private key, underspecified automation materially increases the risk of unintended or manipulated trades.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation for swap.js describes the mechanics of signing and sending transactions, but it does not present a prominent, explicit user-facing warning that invoking this script can execute irreversible on-chain swaps and approvals using the configured private key. In an agent skill context, insufficient emphasis on this risk can lead to accidental high-impact actions by users or downstream agents that treat the script as routine automation rather than a transaction-executing operation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation normalizes a flow where a locally available private key is used to sign and submit blockchain transactions, but it does not present an explicit, prominent warning that this can directly move user funds and approve arbitrary token spending if the returned transaction is malicious. In this skill context, that omission is significant because the API constructs opaque transaction calldata server-side, so users may overtrust the 'key never leaves the machine' claim while still signing dangerous transactions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal