Skill v2.4.3
ClawScan security
Spot Advanced Swap Orders · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 19, 2026, 12:40 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's files and instructions are internally consistent with a non-custodial EVM order relay workflow, but it requires sending user signatures to an external relay URL—verify that endpoint and the referenced contract addresses before use.
- Guidance: This skill appears coherent for building and submitting non-custodial Spot orders, but before installing or using it you should: (1) verify the relay endpoint (https://agents-sink.orbs.network) is run/endorsed by a party you trust (the repo points to an Orbs Network GitHub, but confirm the relay owner/operator), (2) inspect the typed-data domain.verifyingContract and adapter addresses in the SKILL.md/assets and confirm they match the deployed contracts you expect, (3) always review the exact populated typedData before signing and only sign with a wallet you control (prefer hardware/safe wallets), (4) understand that sending the signature to the relay lets the relay submit the order onchain — if the typedData domain is incorrect or intentionally weak this could be abused, and (5) note that cancellation requires an onchain transaction (gas) from the swapper. If you cannot verify the relay operator or the contract addresses, treat the skill as suspicious and avoid sending real funds/signatures through it.
Review Dimensions
- Purpose & Capability (ok): The name/description (advanced non-custodial Spot orders) matches the bundled assets and instructions: param mapping, typed-data template, signing guidance, and relay submission. No unrelated binaries, env vars, or config paths are requested. Adapter addresses and supported chains are listed in SKILL.md and assets, which is expected for a multi-chain order builder.
- Instruction Scope (note): The runtime instructions are narrowly scoped to: build/normalize params locally from included markdown/JSON, populate the provided EIP-712 template, sign locally, and POST the signed payload to a single external relay endpoint (https://agents-sink.orbs.network/orders/new). The SKILL.md explicitly forbids fetching or executing external helper code. Sending signatures to an external relay is expected for this purpose but is an important trust/attack surface to confirm before use.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files to execute. This minimizes disk/write risk; nothing is downloaded or installed by the skill itself.
- Credentials (ok): The skill requests no environment variables, keys, or config paths. All signing is described as happening with the user's wallet or local signer, which is proportionate to the stated non-custodial signing workflow.
- Persistence & Privilege (ok): No persistent installation, no always:true flag, and no modifications to other skills or agent-wide settings. Autonomous invocation is allowed (platform default) but not combined with other broad privileges.
