ClawHub

ZeroEx Swap

Security checks across malware telemetry and agentic risk

Overview

This skill is a real cryptocurrency swap tool that is mostly transparent, but it needs review because it uses a raw wallet private key and can submit irreversible transactions without an explicit confirmation step.

Install only after understanding that this can spend real funds and gas. Use a dedicated low-balance hot wallet, never a primary wallet private key, review token addresses, chain, amount, spender, and transaction target before every swap, and prefer adding a confirmation or dry-run flow before letting an agent execute swap.js.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The code attempts to read token allowance with token.allowance(wallet.address, quote.to), but allowance is not included in the contract ABI. In ethers this will fail at runtime, preventing the advertised exact-amount approval logic from working and potentially causing users to bypass or remove the check, which is especially dangerous in a script that signs live asset-moving transactions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README includes a `node swap.js` example immediately after instructing users to export a live `PRIVATE_KEY`, but it does not clearly warn that this command will sign and broadcast a real on-chain transaction. In an agent-skill context, this increases the chance that a user or automated system will execute the example as a harmless demo, potentially causing unintended fund movement, gas expenditure, and token approvals.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script sends a real on-chain swap transaction immediately after fetching a quote, with no interactive confirmation, simulation, or sanity checks on recipient, chain, slippage, or contract target. In a skill context that may be run by an agent or automation, this materially increases the chance of irreversible loss from bad parameters, malicious quotes, or user misunderstanding.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal