Credex Protocol

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill appears aligned with a Credex/USDC DeFi workflow, but it requires a raw wallet private key and can move, borrow, or approve funds without clearly declared credentials, confirmations, or consistent contract-address guidance.

Install only if you are comfortable with DeFi transaction risk. Use a burner/testnet wallet, verify the exact pool contract and agent URL, run state-changing commands manually, review amounts and allowances before signing, and install dependencies from the lockfile rather than letting npx fetch undeclared tooling.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user supplies a real wallet key, the skill process has full signing authority for that wallet.

Why it was flagged

A raw wallet private key can sign any transaction for that wallet, not only the intended Credex actions. This is especially important because the registry metadata says there are no required env vars or primary credential.

Skill content
`WALLET_PRIVATE_KEY` | Private key for signing transactions. **Without this, all commands fail.**
Recommendation

Use only a dedicated burner/testnet wallet with minimal funds, and require the skill metadata to declare the private-key credential clearly.

What this means

A mistaken invocation could create debt, move USDC, bridge funds, or leave token allowances in place.

Why it was flagged

The CLI can approve token spending and then trigger protocol actions for user-supplied amounts, including a buffered full repayment, without a documented confirmation step, allowance cleanup, or dry-run safeguard.

Skill content
const approveTx = await usdc.approve(CONFIG.POOL_ADDRESS, parseUsdc(repayAmount)); ... const result = await callAgent("/repay", { agentAddress: wallet.address, amount: repayAmount });
Recommendation

Require explicit user confirmation for every state-changing command, show the chain, contract, amount, and approval before signing, and minimize or revoke allowances after use.

What this means

Following the wrong address guidance could send approvals or funds to an unintended pool contract.

Why it was flagged

This Quick Start pool address conflicts with the SKILL.md/scripts default address `0x32239e...`, so users may approve or deposit to a different contract than expected.

Skill content
export CREDEX_POOL_ADDRESS=0x60C04c09ee252C4e99C1B56580F7A0D3c65a3b36
Recommendation

Publish one verified contract address per network, explain any migration, and make the CLI display and require confirmation of the pool address before writes.

What this means

The command runner may execute unreviewed or unexpected tooling before handling sensitive wallet operations.

Why it was flagged

The documented runtime uses `npx ts-node`, but package.json declares `tsx` and `typescript`, not `ts-node`; this can cause an undeclared package to be fetched outside the lockfile in a workflow that handles a wallet private key.

Skill content
npx ts-node scripts/client.ts <command> [args]
Recommendation

Use `npm ci` with the provided lockfile and a declared, pinned runner, or update the docs to use the declared `tsx` script.

What this means

A wrong or malicious local/remote agent endpoint could give misleading results or route borrow/repay requests incorrectly.

Why it was flagged

Borrow/repay/status flows call a configurable Credex agent server. The code does not send the private key there, but it does trust that endpoint for transaction intent and results.

Skill content
AGENT_URL: process.env.CREDEX_AGENT_URL || "http://localhost:10003"
Recommendation

Use only a trusted local agent endpoint, prefer authenticated/TLS endpoints for remote use, and verify returned transaction hashes on-chain.