check-hymx-info
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a read-only Hymatrix bridge information lookup that calls Hymatrix API endpoints but does not request credentials, modify data, or persist anything.
This skill looks safe for read-only bridge information lookup. Be aware that it relies on external Hymatrix API responses, including dev-named endpoints, so verify important token addresses, fees, and supported-chain details before using them for transactions.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The token, fee, and bridge information shown to the user depends on Hymatrix API responses; if those endpoints are unavailable or incorrect, the skill may return wrong bridge information.
When invoked, the skill fetches live bridge data and then uses the returned bridgeNodeUrl to fetch per-token cache data. This is aligned with the lookup purpose, but the output and secondary network requests depend on the external service.
const ENDPOINTS = { AOX: 'https://api-bridgescan-dev.hymatrix.com/info' } ... getHymxCacheTokenInfo(hymatrixBridgeInfo.bridgeNodeUrl, item.wrappedTokenId, 'info')Use the output as informational data and verify token or bridge details from an official source before making financial transactions.