Skillv1.0.0

ClawScan security

ButterSwap · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 13, 2026, 10:56 AM

Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's requests and runtime instructions line up with a cross-chain DEX aggregator: it only calls an external API to fetch routes and transaction calldata and does not request unrelated credentials or install code.
Guidance: This skill appears coherent with a DEX routing helper, but verify the API endpoint and repository before use. Do not paste private keys or seed phrases into the agent; the skill returns calldata/contract targets which you should sign only in a trusted wallet or offline. Check that https://bs-router-v3.chainservice.io and the referenced docs/repo are legitimate (TLS cert, official docs, GitHub repo contents). Test with small amounts first, verify token/contract addresses carefully, and avoid supplying any secret material to the agent. If you need stronger assurance, ask the publisher for a canonical homepage/repo link and confirm the API behavior against official Butter Network docs.

Purpose & Capability: okName/description match the SKILL.md: all actions are API calls to a router service to get quotes, routes, and calldata for swaps. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope: noteRuntime instructions are limited to HTTP GET calls (curl examples) to the declared BASE_URL and describe expected responses. They return calldata/to/value that the user must sign/submit; the skill does not request private keys, but users must not paste private keys into prompts or the skill. The allowed-tools list includes 'Read' which could permit file access, but the SKILL.md does not instruct reading local files or secrets.
Install Mechanism: okInstruction-only skill with no install spec and no code files — nothing is written to disk. Lowest-risk install posture.
Credentials: okNo environment variables, credentials, or config paths are required. The skill does not ask for unrelated secrets.
Persistence & Privilege: okalways:false and user-invocable; the skill does not request elevated persistence or modify other skills or system configuration.