check-hymx-info
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: check-hymx-info Version: 1.0.3 The skill is designed to fetch and format cross-chain token information from the Hymatrix network. The script `script/index.js` retrieves data from a legitimate-appearing API endpoint (hymatrix.com) and processes it to provide token details like symbols, decimals, and bridge fees, which aligns perfectly with the documentation in `SKILL.md`. No suspicious behaviors such as data exfiltration, command execution, or prompt injection were identified.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The token, fee, and bridge information shown to the user depends on Hymatrix API responses; if those endpoints are unavailable or incorrect, the skill may return wrong bridge information.
When invoked, the skill fetches live bridge data and then uses the returned bridgeNodeUrl to fetch per-token cache data. This is aligned with the lookup purpose, but the output and secondary network requests depend on the external service.
const ENDPOINTS = { AOX: 'https://api-bridgescan-dev.hymatrix.com/info' } ... getHymxCacheTokenInfo(hymatrixBridgeInfo.bridgeNodeUrl, item.wrappedTokenId, 'info')Use the output as informational data and verify token or bridge details from an official source before making financial transactions.