ClawHub

spanDEX Agentic Swap

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about crypto swaps, but it needs review because it can send real wallet transactions with reduced verification and no extra confirmation in one fallback path.

Install only if you are comfortable letting an agent prepare and submit real crypto transactions. Prefer quote-only or dry-run mode first, install onchain-verify-transaction before execution, use a limited Privy wallet with spending controls, and manually review the wallet, tokens, amounts, recipient, spender, slippage, API endpoint, and transaction details before any swap.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README suggests very broad natural-language invocations such as 'Swap 5 USDC to WETH' and says the skill will handle quote fetching, wallet selection, approval, and execution. In an agentic environment, this increases the chance of accidental activation for high-impact financial actions, especially because token approvals and swaps can move funds irreversibly. The skill context makes this more dangerous because it is explicitly tied to onchain execution and wallet-ready calldata, not just informational quoting.

Missing User Warnings

High
Confidence
95% confidence
Finding
The README states that the skill produces approval and swap calldata and executes swaps onchain, but it does not provide a clear warning that approvals can grant token spending rights and that transactions are irreversible and may involve slippage, routing, or fund-loss risks. Because this skill directly facilitates financial transactions through an agentic wallet, missing risk disclosures materially increases the chance that users or orchestrating agents treat execution as routine and unsafe. The context makes this particularly sensitive since the feature set includes both approval transactions and execution through Privy.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly permits execution to continue after warning that full calldata verification is unavailable, which weakens the consent boundary for high-risk onchain actions. In a transaction-signing context, reduced-safety execution should require renewed explicit user approval because malformed or malicious calldata could still drain funds or grant unintended approvals.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The best-effort path instructs the agent not to add further confirmation prompts even though verification guarantees are reduced to limited approval parsing. That creates a dangerous automation path where a user may believe the swap was fully validated when in reality the agent is proceeding under materially weaker protections against malicious or incorrect calldata.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal