NEAR Intents 1click Api

Audited by ClawScan on May 10, 2026.

Overview

This skill appears to do what it says—crypto swaps and bridges—but it can automatically move real funds using private keys, and one included example can run a live swap to a hard-coded recipient.

Only install this if you understand it can move real crypto assets. Use manual mode by default, avoid configuring a high-value private key, verify every recipient and refund address, and do not run the included live-swap examples unless you have reviewed and changed the hard-coded addresses.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent misreads the request or uses the wrong address, asset, chain, or amount, it could send real funds without another user confirmation.

Why it was flagged

The skill instruction explicitly encourages autonomous execution of financial swaps whenever NEAR credentials are available. Moving crypto assets is high impact and should require a clear final user approval step.

Skill content

Agent should execute the swap end-to-end without user intervention

Recommendation

Default to manual/quote-only mode, and require explicit user confirmation of amount, asset pair, origin chain, destination chain, recipient, refund address, fees/slippage, and deadline before any transaction is signed.

What this means

Running or importing this file could initiate a real swap using the configured NEAR account and send the output to the hard-coded recipient address.

Why it was flagged

This example is configured for actual execution, uses environment private-key credentials, has a hard-coded destination recipient, and calls fullSwap() at top level rather than behind a direct-execution guard.

Skill content

const isTest = false; // keep set to false for actual execution ... const recipientAddress = '0x553e771500f2d7529079918F93d86C0a845B540b'; ... fullSwap().catch(console.error);

Recommendation

Remove top-level execution, set examples to dry-run by default, replace hard-coded recipients with obvious placeholders, and require an interactive confirmation before sending funds.

What this means

A configured private key can authorize real transfers from the user’s NEAR account, so mistakes or unintended invocation can have financial consequences.

Why it was flagged

The code uses a private key to create a signer for blockchain actions. This is expected for auto mode, but it is high-privilege credential use and the registry metadata declares no required env vars or primary credential.

Skill content

const signer = KeyPairSigner.fromSecretKey(privateKey as KeyPairString);

Recommendation

Declare NEAR_ACCOUNT_ID/NEAR_PRIVATE_KEY or equivalent credentials in metadata, document the exact account permissions needed, recommend limited-balance accounts, and avoid using full-access keys where possible.

What this means

Users have less registry-level assurance about where the package came from and how it should be installed.

Why it was flagged

The registry-level information gives limited provenance and says there is no install spec, while the supplied files include package/dependency files and installation documentation. This is a review-context and trust issue rather than proof of unsafe code.

Skill content

Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill.

Recommendation

Publish a verifiable source/homepage, align registry version and package version, and declare the npm installation/dependency expectations in the skill metadata.