Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Liberfi Swap

v1.0.0

Execute token swaps and manage on-chain transactions: list supported swap chains, browse available swap tokens, get swap quotes with price/slippage/route inf...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (token swaps, quotes, build/sign/send transactions) maps directly to the listed lfi CLI commands and parameters. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
SKILL.md confines runtime actions to lfi CLI commands (query and mutating commands) and repeatedly warns to require explicit user confirmation before executing swaps. It references an external bootstrap.md for installation/connectivity (not included here). The skill also tells the agent to run authentication flows (lfi login key / lfi login / lfi verify) for execute/send operations; those are expected for a swap workflow but they grant the ability to authenticate and thus execute transactions if credentials/keys are available.
Install Mechanism
No install spec and no code files — instruction-only. Lower risk since nothing is written to disk by the skill itself. CLI install is delegated to external bootstrap documentation (not included).
Credentials
The skill declares no required environment variables or credentials. It relies on the platform/CLI auth flows for any JWT/TEE wallet access, which is proportionate to a swap/tx skill.
Persistence & Privilege
always: false (not force-included). disable-model-invocation: false (normal). Although the skill itself doesn't demand persistent privileges, it instructs the agent to perform authentication and can invoke commands capable of sending signed transactions; if an agent is allowed to authenticate (e.g., via 'lfi login key') and act autonomously, the blast radius increases. This is a behavioral risk to manage rather than an incoherence in the skill.
Assessment
This skill appears to do what it claims: use the LiberFi CLI to quote and execute swaps. Before installing, ensure you understand how the LiberFi CLI is installed (bootstrap.md) and who holds any login keys. The skill instructs the agent to authenticate and can run commands that send on-chain transactions — never give private keys or OTPs to the agent, and require explicit human confirmation before any 'lfi swap execute', 'lfi sign-and-send' or 'lfi tx send' is run. If you want to reduce risk, disable autonomous invocation for this skill or remove/deny the agent the ability to run login commands (so it can only fetch quotes and estimates). If you need higher assurance, ask the publisher for the referenced bootstrap.md and details about the TEE wallet and JWT flows so you can audit how authentication and signing are handled.


latestvk976x058ehr28d61qaf17x8ysx842p9p
