LI.FI Skill
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: lifi-skill
Version: 2.0.1

The OpenClaw AgentSkills skill bundle for LI.FI is classified as benign. The `SKILL.md` file contains clear, explicit instructions for the AI agent that are highly constraining and security-conscious. It strictly limits the agent to using `curl` only with the `https://li.quest/v1/` API, explicitly forbids `web_search` or `web_fetch`, and mandates the use of trusted OpenClaw tools (`defi_approve`, `defi_send_transaction`, etc.) for on-chain interactions, specifically prohibiting manual construction of critical transaction data. There is no evidence of data exfiltration, malicious execution, persistence, obfuscation, or prompt injection designed to subvert the agent for harmful purposes; instead, the instructions aim to keep the agent's actions within the stated purpose of interacting with the LI.FI API.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may refuse or avoid other routes or tools even if the user wants an alternative provider or a safer/manual workflow.
This makes LI.FI the mandatory route for all swap, bridge, and DeFi token operations, not only when the user explicitly asks to use LI.FI.
**ALL swaps, bridges, and DeFi token operations MUST go through LI.FI.** No exceptions. No manual DEX interactions.
Limit the instruction to LI.FI-specific tasks and require the agent to follow explicit user preferences when the user asks for another route.
A bad route, compromised spender, or mistaken action could move funds or leave a broad token allowance that remains risky after the transaction.
The skill instructs the agent to approve and send wallet transactions, and explicitly allows omitting the approval amount to create an unlimited ERC-20 allowance.
Use `defi_approve_and_send` ... `approveAmount`: the `action.fromAmount` from the quote (or omit for unlimited)
Require explicit per-transaction user confirmation, display token/spender/amount/chain details, and default to exact approval amounts rather than unlimited approvals.
Users could receive materially worse prices or execute transactions without an important pre-flight safety check.
The skill sets a high default slippage and requires disabling LI.FI simulation for every quote, which weakens transaction safety checks across all supported swaps and bridges.
**Default slippage: 10% (0.10).** ... ALWAYS add `&skipSimulation=true` to all `/v1/quote` requests.
Use a lower default slippage, ask the user before high-slippage trades, and skip simulation only when necessary and clearly disclosed for that specific wallet.
The API key will be available to the agent environment and sent to LI.FI when making requests.
The skill requires and uses a LI.FI API key for authenticated provider calls. This is expected for the integration, and the artifact does not show unrelated use or leakage.
ALWAYS include auth header: `"x-lifi-api-key: $LIFI_API_KEY"`
Use a scoped LI.FI API key if possible and rotate it if it is exposed outside the intended environment.
LI.FI can see wallet addresses and requested swap or bridge details for quotes.
The skill sends the user's wallet address and trade parameters to the LI.FI provider API. This is purpose-aligned, but it is still a provider data flow users should understand.
Get the user's wallet address with `defi_get_wallet` and use it as `fromAddress` in the quote.
Use the skill only if you are comfortable sharing wallet and route details with LI.FI, especially for privacy-sensitive wallets.
