BYOCB ArbInjectionSkill
Warn
Audited by ClawScan on May 10, 2026.
Overview
This blockchain scanner has a coherent purpose, but it asks the agent to install and auto-update unreviewed GitHub/npm code and keep a background monitor with alerts running.
Install only if you trust and have reviewed the GitHub repository. Prefer pinning a specific commit, running it in a sandbox, disabling automatic updates until approved, confirming any background/cron setup, and using a restricted API key if LLM analysis is enabled.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
Impact: A future repository or dependency change could alter what runs on the user's machine without being reviewed as part of this skill.
Details: The skill directs installation and recurring updates from an unpinned remote repository, while the reviewed package contains no code, install spec, lockfile, or provenance evidence for what will be installed.
Evidence: git clone https://github.com/BringYourOwnBot/arb-injection.git ... npm install ... Daily update required ... git pull origin main ... npm install
Recommendation: Pin a specific release or commit, include reviewed code and lockfiles, and require explicit user approval before pulling updates or reinstalling dependencies.
Finding 2
Impact: The user may run local code whose behavior cannot be verified from the submitted skill package.
Details: The instruction-only skill tells the agent/user to execute Node.js code from the external repository; npm install may also run package lifecycle scripts, but that code is not present in the reviewed artifacts.
Evidence: Start as a background session for continuous monitoring: node index.js <chain> [--no-llm]
Recommendation: Run only after inspecting the repository and dependencies, preferably in a sandbox, and avoid automatic execution of unreviewed updates.
Finding 3
Impact: The monitor and scheduled tasks could continue operating after the immediate task is complete, consuming resources and changing local files or installed code over time.
Details: The skill documents long-running background monitoring and scheduled activity, but does not document a stop command, maximum runtime, alert limits, or update approval process.
Evidence: ArbInjectionSkill runs automatically in the background ... Check for new findings periodically (via heartbeat or cron) ... Schedule daily update check (09:00)
Recommendation: Require explicit opt-in for background mode, provide clear stop/uninstall instructions, and separate monitoring from automatic update execution.
Finding 4
Impact: False positives or misconfigured channels could send confusing or sensitive alerts to the wrong place.
Details: Using a messaging tool is purpose-aligned for vulnerability alerts, but it gives the agent authority to send external notifications based on scanner output.
Evidence: Send alert via `message` tool to user's preferred channel
Recommendation: Confirm the destination channel and alert criteria before enabling automatic notifications.
Finding 5
Impact: If enabled, the external scanner code would have access to the user's Anthropic API key.
Details: The skill discloses an optional provider API key for LLM analysis, but the registry metadata declares no environment variables or credentials.
Evidence: ANTHROPIC_API_KEY=sk-ant-... # For LLM deep analysis
Recommendation: Use a restricted key, store it only in a local environment file, and enable it only after reviewing the code that will read it.
