Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
KaspaCom DEX MCP
v0.1.0Use KaspaCom DEX through the KaspaCom DeFi MCP/CLI for pair discovery, token pricing, swaps, and liquidity management on IGRA and Kasplex. Trigger on request...
⭐ 0· 43·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description align with installing and using a Kaspa DEX CLI (@kaspacom/defi-mcp) for pair discovery, pricing, swaps and liquidity management — requiring a CLI package is reasonable for this purpose. However, the SKILL.md does not declare or document any credential, RPC, or wallet requirements that are necessary for transaction commands, which is an omission.
Instruction Scope
SKILL.md tells the agent to globally install an npm CLI and shows both read-only and transaction examples (swap, add/remove liquidity). The runtime instructions do not describe how to provide signing keys, which files/paths the CLI will access, whether it will prompt for passwords, or whether it will contact external endpoints beyond Kaspa L2s. Transaction examples imply the skill will cause on-chain changes, but there is no guardrail or explicit credential handling described.
Install Mechanism
Installation is via 'npm i -g @kaspacom/defi-mcp' (public npm). Using npm is expected for a JS CLI but carries moderate risk: the package publisher and repository are not provided, and a global install can affect system PATH. No direct downloads or arbitrary URLs are recommended, which lowers the install risk compared to arbitrary archives, but you should validate the package source before installing.
Credentials
The skill declares no required environment variables or credentials, yet it includes transaction operations that must be signed. This mismatch is concerning: the CLI will likely require a private key, wallet file, or RPC credentials, but the skill gives no instructions on where these are stored or how to restrict them. That could lead to the CLI/agent accessing local wallet files or environment secrets unexpectedly.
Persistence & Privilege
The skill is not forced-always and is user-invocable, which is appropriate. Autonomous model invocation is allowed by default; combined with transaction-capable commands and the missing credential guidance, this increases the risk that the agent could perform transactions if it obtains signing ability. It does not request persistent system-wide configuration explicitly.
What to consider before installing
Do not install or run this CLI blindly. Verify the npm package publisher and repository (inspect the package source on npm/GitHub) before installing; prefer installing in a sandbox or container rather than globally; confirm how the CLI obtains private keys or RPC endpoints (explicit env vars, hardware wallet, or WalletConnect are preferable over automatic local key access). If you plan to allow transactions, use a dedicated wallet with minimal funds and explicit, documented key handling. Require the skill to document exactly which files/paths and environment variables it will access; without that, treat the skill as risky for making on-chain transactions. If you only need read-only features, restrict the agent to those commands and avoid providing signing credentials.Like a lobster shell, security has layers — review code before you run it.
dexvk97chcc2vjstq6mayecga3xxyd84rbddkaspavk97chcc2vjstq6mayecga3xxyd84rbddlatestvk97chcc2vjstq6mayecga3xxyd84rbddmcpvk97chcc2vjstq6mayecga3xxyd84rbdd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.