Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
aaveclaw
v1.0.0 · Aave V3 lending protocol on Base Sepolia testnet. Deposit WETH collateral, borrow USDC, repay loans, withdraw collateral, check health factor, and mint test tokens via faucet. Use when users want to interact with Aave lending, check their lending position health, or get testnet tokens.
⭐ 4 · 1.8k · 5 current · 6 all-time
by Ajit Tripathi (@chainyoda)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill's code and SKILL.md implement Aave V3 actions on Base Sepolia (deposit, borrow, repay, withdraw, health, faucet) which is coherent with the stated purpose. However the registry metadata declares no required env variables or config paths, while the implementation requires a private key (X402_PRIVATE_KEY or ~/.x402-config.json). That mismatch is unexpected and should have been declared.
Instruction Scope
Runtime instructions (SKILL.md) and the scripts limit actions to interacting with the Base Sepolia RPC and the Aave contract addresses, reading a private key from an env var or the x402-config.json file, and printing account/tx info. The instructions do not attempt to read unrelated system files or contact unexpected external endpoints.
Install Mechanism
There is no platform install spec, but setup.sh runs npm install (registry.npmjs.org) to install ethers and its deps. Using npm is expected for a JS blockchain tool, but it still pulls third-party packages (ethers and deps) onto disk — audit or run in a restricted environment if you don't trust the source.
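As an added example (not code from the skill or from ClawHub), a small Node.js audit of a package-lock.json that flags anything `npm install` would fetch from somewhere other than registry.npmjs.org or without a sha512 integrity hash. The lockfile below is constructed for the demo, the ethers digest is a placeholder, and the single-registry allowlist is an assumption you may widen.

```javascript
// Added example, not part of the aaveclaw skill or ClawHub: audit a
// package-lock.json before letting setup.sh run `npm install`, so that
// every package fetched is a registry tarball pinned by a sha512 hash.
// Assumption: only registry.npmjs.org is an acceptable source.
const TRUSTED_REGISTRIES = new Set(['registry.npmjs.org']);

// Walk the "packages" map of a lockfileVersion 2/3 lockfile and return one
// finding per policy violation (untrusted source, missing integrity).
function auditLockfile(lock) {
  const findings = [];
  for (const [pkgPath, meta] of Object.entries(lock.packages || {})) {
    if (pkgPath === '' || meta.link) continue;     // root project / workspace symlink
    const name = pkgPath.replace(/^.*node_modules\//, '');
    if (!meta.resolved) {
      findings.push({ name, reason: 'no resolved URL, source unknown' });
      continue;
    }
    let host = null;
    try { host = new URL(meta.resolved).host; } catch { /* malformed URL */ }
    if (!host || !TRUSTED_REGISTRIES.has(host)) {
      findings.push({ name, reason: `fetched from untrusted source ${meta.resolved}` });
    }
    if (!/^sha512-[A-Za-z0-9+/=]+$/.test(meta.integrity || '')) {
      findings.push({ name, reason: 'missing or non-sha512 integrity hash' });
    }
  }
  return findings;
}

// Constructed sample lockfile: ethers pinned from npm with a placeholder digest
// (fine), one dependency pulled from a git URL, and one without an integrity field.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'aaveclaw-example', dependencies: { ethers: '^6.0.0' } },
    'node_modules/ethers': {
      version: '6.13.0',
      resolved: 'https://registry.npmjs.org/ethers/-/ethers-6.13.0.tgz',
      integrity: 'sha512-' + 'A'.repeat(86) + '==',   // placeholder, not a real digest
    },
    'node_modules/helper-lib': {
      version: '1.0.0',
      resolved: 'git+ssh://git@github.com/example/helper-lib.git#0123456',
    },
    'node_modules/noisy-dep': {
      version: '2.0.0',
      resolved: 'https://registry.npmjs.org/noisy-dep/-/noisy-dep-2.0.0.tgz',
    },
  },
};

// Point this at the real lockfile by replacing SAMPLE_LOCK with
// JSON.parse(fs.readFileSync('package-lock.json', 'utf8')).
if (typeof require !== 'undefined' && require.main === module) {
  for (const f of auditLockfile(SAMPLE_LOCK)) console.log(`${f.name}: ${f.reason}`);
}
```

Run it against the skill's lockfile after `npm install --package-lock-only` (which resolves without executing install scripts); a clean result means nothing would be fetched from git, an arbitrary tarball URL, or an unpinned source.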
Credentials
The runtime requires access to a private key (via X402_PRIVATE_KEY env var or ~/.x402-config.json) to sign transactions — this is necessary for on-chain actions, but the registry did not declare any required credentials or config paths. Requiring a high-sensitivity secret without declaring it is a proportionality/visibility issue and increases risk if users are unaware.
Persistence & Privilege
The skill does not request permanent 'always' inclusion, does not modify other skills, and only persists by installing npm packages in its own directory. Autonomous invocation is allowed (platform default) but not itself unusual here.
What to consider before installing
This skill's code appears to do what it says (interact with Aave on Base Sepolia), but there are a few things to consider before installing:
- The registry metadata omitted that you must supply a private key. The code will look for X402_PRIVATE_KEY or a file (~/.x402-config.json or ./x402-config.json). Do not put a mainnet/private production key there—use an ephemeral/testnet key with minimal funds.
- setup.sh runs npm install and then the node scripts execute. That will pull third-party packages (ethers, etc.) onto disk; review package-lock.json or run in an isolated environment if you don't trust the author.
- Verify the contract addresses (pool, faucet, tokens) and RPC URL in scripts/lib/config.js before sending transactions — malicious or incorrect addresses could steal funds on any network where the key has value.
- Because the source is unknown (no homepage/author listed), treat this as untrusted: run locally in a sandbox or code-review the files, and prefer using a throwaway testnet key or a hardware wallet/proxy signer if possible.
If you want to proceed safely: inspect scripts/lib/config.js and scripts/lib/aave.js yourself, ensure the faucet/pool addresses are legitimate for Base Sepolia, create a test-only private key, and run npm install in an environment where package installation and node execution are permitted and monitored.
latest · vk975awtc6bhqsvcs8my406kpnx80gtxq
