Turbos CLMM SDK

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is an instruction-only DeFi SDK integration guide with no included code, but users should be aware that its examples cover wallet-related and financial transaction workflows.

This skill appears to be a straightforward Turbos Finance SDK reference rather than executable code. Before installing packages or using the examples, confirm you trust the SDK source, use testnet when experimenting, and carefully review any wallet transaction before signing.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

If these examples are used in a real app or wallet flow, they could create pools, move liquidity, collect fees, or otherwise affect crypto assets.

Why it was flagged

The guide covers SDK calls that can build transactions affecting DeFi positions and funds. This is expected for a Turbos CLMM SDK guide, but users should review any generated transaction before signing.

Skill content

Core pool operations: create, add/remove liquidity, collect fees/rewards.

Recommendation

Use the guide for development or analysis, and require explicit user review before signing or submitting any Sui transaction.

ASI03: Identity and Privilege Abuse
Low
What this means

Wallet seed phrases or private keys can control funds if mishandled.

Why it was flagged

The SDK exposes account helpers related to keypairs and mnemonics, which are sensitive wallet credentials. The artifact does not show credential collection or exfiltration, and this capability is related to Sui SDK usage.

Skill content

`sdk.account` | `Account` | Keypair & mnemonic helpers

Recommendation

Do not paste private keys or mnemonics into the agent unless necessary, and prefer wallet signing or testnet accounts for development.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Installing third-party packages adds normal dependency supply-chain risk.

Why it was flagged

The skill instructs users to install external npm packages. This is expected for an SDK integration guide and there is no bundled code or hidden installer in the artifacts.

Skill content

pnpm add turbos-clmm-sdk @mysten/sui

Recommendation

Install from trusted package registries, review package provenance, and pin versions for production use.