Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

test

v1.0.0

Build unsigned DeFi transactions from natural language. Use when the user wants to send, transfer, swap, stake, unstake, wrap, unwrap, supply, withdraw, borr...

1 · 26 · 0 current · 0 all-time
by Biresh Biswas (@billa05)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (build unsigned DeFi transactions) aligns with the declared binary dependency (defi-skills) and the need for a wallet address as the 'from' address. Requiring a WALLET_ADDRESS is reasonable for building transactions.
Instruction Scope
SKILL.md is focused on building unsigned transactions with the defi-skills CLI and instructs the agent to call the CLI, check responses, and confirm multi-step plans. It does not ask the agent to read arbitrary system files or secrets. However, the instructions include a pip install command (with an extra-index-url) and describe needing API keys (Alchemy, TheGraph) for many actions; these keys are referenced in the runtime instructions but are not declared in the skill metadata.
Install Mechanism
There is no formal install spec (lowest platform risk), but SKILL.md contains a pip install command that pulls from a Nethermind JFrog index. That is plausible given the project's homepage, but it means the skill's runtime depends on installing a package from an external repository described only in the docs rather than in a vetted install spec.
Credentials
Metadata only declares WALLET_ADDRESS (which is reasonable). But the runtime docs explicitly state many actions require ALCHEMY_API_KEY and sometimes THEGRAPH_API_KEY (and that the CLI must be configured with them). Those API keys are not listed in requires.env. Also WALLET_ADDRESS is marked as the primary credential even though a wallet address is usually public/non-secret; this could confuse users about what to provide and where secrets are stored.
Persistence & Privilege
The always flag is false, and there are no requested config paths or system-wide modifications. The skill can be invoked autonomously by agents (the default), which is normal; weigh this together with the other concerns (undeclared API keys, install-from-docs) when deciding whether to allow autonomous runs.
What to consider before installing
Before installing or enabling this skill:
1. Verify the CLI package source. SKILL.md suggests pip installing from a Nethermind JFrog URL; confirm that matches the official project and that you trust that repository.
2. Understand credentials. The skill metadata only lists WALLET_ADDRESS, but the docs say many actions require ALCHEMY_API_KEY and THEGRAPH_API_KEY (set via the CLI). Ask the author why those keys are not declared and how they are stored by the CLI.
3. WALLET_ADDRESS is not a signing key. The skill builds unsigned transactions and does not sign or broadcast them, but a malicious or misconfigured consumer could build transactions without your clear consent; require confirmation for any 'max' or large-value operations.
4. If you allow autonomous invocation, be cautious: an autonomous agent with this skill can craft (unsigned) transactions based on user prompts; consider restricting autonomous use until you audit the CLI.
5. If you plan to install the CLI, verify the package integrity (official docs, checksums, or repository) rather than blindly running the pip command in the README.

Latest version id: vk97fn195pta1t7ysd4yw39q91n84500v


Runtime requirements

Bins: defi-skills
Env: WALLET_ADDRESS
Primary env: WALLET_ADDRESS
