Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DEX Agent

v1.1.0

Execute zero-fee direct token swaps and manage stop-loss, take-profit, and portfolio tracking on Base chain via Uniswap V3 with self-custodial security.

by Elway Botty (@avmw2025)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The code implements on-chain swaps, price quoting, multi-RPC failover, a wallet manager, and order monitoring — all coherent with the stated purpose of self-custodial Uniswap V3 trading on Base. However, the SKILL.md and marketing say 'zero swap fees', while the code/config references an internal fee (OUR_FEE_BPS = 30 / 0.3%) and comments about fee collection, which contradicts the zero-fee claim. Also a hard-coded 'BANKR_WALLET' address is present (marked 'for reading only') which is unexpected but not obviously malicious.
Instruction Scope
Runtime instructions are limited to installing web3/eth-abi, generating a wallet, funding it, and running CLI commands — consistent with the feature set. But SKILL.md and some docstrings claim keys are 'encrypted' and 'never transmitted', while the wallet implementation saves the raw private key as hex in a local JSON file with 0o600 permissions (no encryption). That is an explicit mismatch between instructions/claims and actual behavior. The code also creates an 'active-orders.json' and writes wallet files to disk; the instructions do not warn about plaintext key storage or provide guidance to use hardware wallets or encryption.
Install Mechanism
No install spec in the registry; SKILL.md suggests pip installing standard packages (web3, eth-abi). That is expected for a Python-based on-chain tool and does not attempt to download remote executables or archives. Risk here is conventional (third-party Python packages), not unusual for this use case.
Credentials
The skill declares no required environment variables or external secrets, which matches the code. However, the code stores private keys unencrypted in a local file (contradicting claims of encryption) and uses infinite ERC20 approvals (max uint256) for the router, which is a disproportionate and risky default for a wallet-managed trading tool. RPC endpoints are hard-coded to several third-party providers (e.g., base.llamarpc.com, base.meowrpc.com), which is acceptable but means node operators will see submitted signed transactions and metadata.
Persistence & Privilege
The skill is not marked always:true, does not request to persistently modify other skills, and only writes files under its own directory (wallets/trading-wallet.json, active-orders.json). This level of local persistence is expected for a CLI trading bot.
What to consider before installing
This package does implement on-chain swaps and monitoring as advertised, but there are important red flags you should address before using it with real funds:

- Private key storage: Despite claims of encrypted storage, wallet.py writes the raw private key hex into wallets/trading-wallet.json (no encryption). Anyone with access to that file can steal funds. Consider using a hardware wallet or an encrypted keystore, or modify the code to encrypt the private key with a passphrase.
- Unlimited approvals: The swap flow sets ERC20 allowance to max uint256. If the router contract or your node is compromised, an attacker could drain approved tokens. Prefer per-amount approvals or explicit allowance limits and audit the router address on-chain.
- Fee wording mismatch: SKILL.md says "zero swap fees" but config and comments refer to a 0.3% internal fee. Clarify whether any on-platform fee exists and where a fee wallet would be set (FEE_WALLET is None / TODO).
- Third-party RPCs: The skill uses multiple public RPC endpoints (including third-party providers). These are required to submit transactions, but they observe transaction metadata; choose trusted RPCs or run your own node if privacy/trust is a concern.
- Test with minimal funds: If you still want to try it, run it on a small amount or testnet first, and inspect the truncated part of swap.py (the code provided was truncated) to ensure there is no additional hidden behavior.
- Code audit: If you plan to entrust funds, either audit and fix the plaintext key storage and approval logic, or only use the skill as a read-only price/quote tool. Avoid using it as-is with significant balances.
