impossible finance skills
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This looks like a coherent crypto-trading skill, but it deserves Review because it handles real wallet private keys and mainnet swaps while registry metadata underdeclares those sensitive requirements.
Install only if you want an agent-assisted BSC trading wallet and are comfortable with the risks. Use a new low-balance wallet, do not reuse your main wallet, require explicit confirmation for every trade, and be aware that the registry metadata does not fully reflect the private-key, dependency, and configuration requirements shown in SKILL.md.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Funds sent to the generated wallet could be swapped or moved by signed transactions, and blockchain transactions are generally irreversible.
This shows the skill gives the agent persistent signing authority over a crypto wallet. That is expected for DEX trading, but high-impact because anyone or any agent flow with this key can move funds in that wallet.
IF_WALLET_FILE ... "Path to the agent's BSC wallet file (JSON with private key and address)." ... "The agent uses this to sign swap transactions on BSC."
Use only a dedicated low-balance wallet, require explicit confirmation before every transaction, and prefer an encrypted keystore or hardware/manual signing workflow if meaningful funds are involved.
Granting this access could expose or use a separate ClawChain identity if the user enables the optional registration/event-tracking path.
The skill optionally reads credentials created by another skill. This is disclosed and marked optional, but it is broader than basic DEX swaps and should require clear user opt-in.
ClawChain Credentials (optional) ... path: "~/.config/clawchain/credentials.json" ... "Chromia keypair used to authenticate on-chain operations."
Do not allow access to the ClawChain credentials file unless you specifically need that feature and understand what operation will be performed.
A mistaken approval, wrong token address, or bad quote could result in financial loss.
The skill is explicitly designed to submit financial transactions. The visible text includes a confirmation promise, which makes it more controlled, but the action remains high-impact.
"Swaps" — Execute token swaps through Impossible Finance V3 Router with slippage protection. ... "does not ... execute trades without user confirmation."
Confirm token addresses, amounts, slippage, chain ID, and recipient before approving any swap.
Users may not see credential, environment, or dependency warnings before installing a skill that can handle real crypto funds.
This conflicts with SKILL.md, which declares version 2.0.0, required BSC configuration, wallet/private-key credentials, optional ClawChain credentials, and an ethers npm dependency. The mismatch can prevent installer or registry warnings from reflecting the skill's real authority.
Version: 1.0.1 ... Required env vars: none ... Env var declarations: none ... Primary credential: none ... No install spec
Treat the SKILL.md disclosures as authoritative, and the publisher should align registry metadata with the declared env vars, credentials, dependencies, and version.
Running the setup creates a local private-key file; running altered commands or installing a compromised dependency could endanger the wallet.
The setup asks the user to run inline Node.js code and install an npm package. This is purpose-aligned for wallet creation, but it is still local code execution that writes sensitive key material.
npm install ethers ... node -e "... ethers.Wallet.createRandom(); ... fs.writeFileSync(file, JSON.stringify({ privateKey: wallet.privateKey ... }, null, 2), { mode: 0o600 });"
Run setup commands deliberately, review the command text first, use a trusted npm registry, and avoid funding the wallet until setup is complete and verified.
