Skill v0.1.0

ClawScan security

FORGE — Cross-Chain Swap Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 15, 2026, 5:17 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions are consistent with a THORChain cross‑chain swap router (it is instruction-only and calls a third‑party API), but using it requires trusting that external service to build correct vault addresses/memos before you send funds.
Guidance
This skill is coherent for routing THORChain swaps, but it requires trusting the external API to construct the vault address and memo that your wallet will use; that is the single point at which a malicious or compromised service can steal funds. Before using: (1) verify the API/operator (check the GitHub repo, TLS certificate and domain ownership), keeping in mind that this only confirms you are talking to the operator, not that the operator is honest; (2) prefer self-hosting the API if you need stronger trust guarantees; (3) test with very small amounts first; (4) independently verify every returned vault address and memo before signing: the vault address (and, for EVM chains, the router contract) should match THORChain's own inbound_addresses endpoint, the memo's destination should be an address you control, and a halted or rotated vault must not be used, because funds sent to a retired vault can be lost; and (5) note the disclosed 0.5% (50 bps) affiliate fee (forgemb) embedded in memos so you understand routing costs and can spot a memo that charges more. If you need higher assurance, ask the maintainer for an auditable implementation or run the service from your own infrastructure.
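One way to carry out steps (4) and (5) mechanically, as an added example that is not the skill's or ClawHub's code: a pre-flight checker that parses the memo the API returns and cross-checks the vault against the list served by THORChain's /thorchain/inbound_addresses endpoint. The shape of the API's swap plan (source_chain, vault_address, router, memo) is an assumption, since the page only says the endpoints return vault deposit addresses and memos; the inbound list and every address below are constructed samples.

```python
# Added example (not the FORGE skill's or ClawHub's code). The plan dict layout is an
# assumed shape for what /swap/quote or /swap/execute returns; all addresses are fake.
from dataclasses import dataclass
from typing import Optional

# THORChain memo short codes for a swap, per the public memo format.
SWAP_ACTIONS = {"SWAP", "=", "S"}
# 50 bps is the 0.5% affiliate fee the skill discloses; anything higher is a red flag.
MAX_AFFILIATE_BPS = 50


@dataclass
class SwapMemo:
    action: str
    asset: str
    destination: str
    limit: Optional[int]
    affiliate: Optional[str]
    affiliate_bps: Optional[int]


def parse_swap_memo(memo: str) -> SwapMemo:
    """Parse 'SWAP:ASSET:DESTADDR:LIM[/INTERVAL/QUANTITY]:AFFILIATE:FEEBPS'."""
    parts = memo.split(":")
    if len(parts) < 3:
        raise ValueError(f"memo too short: {memo!r}")
    limit = None
    if len(parts) > 3 and parts[3]:
        lim = parts[3].split("/")[0]  # streaming swaps append /INTERVAL/QUANTITY
        if not lim.isdigit():         # this checker accepts plain-integer limits only
            raise ValueError(f"non-numeric limit: {lim!r}")
        limit = int(lim)
    affiliate = parts[4] if len(parts) > 4 and parts[4] else None
    bps = None
    if len(parts) > 5 and parts[5]:
        if not parts[5].isdigit():
            raise ValueError(f"non-numeric affiliate fee: {parts[5]!r}")
        bps = int(parts[5])
    return SwapMemo(parts[0].upper(), parts[1], parts[2], limit, affiliate, bps)


def same_address(a: str, b: str) -> bool:
    """EVM hex addresses compare case-insensitively; every other scheme is exact."""
    if a.startswith("0x") and b.startswith("0x"):
        return a.lower() == b.lower()
    return a == b


def verify_swap_plan(plan: dict, inbound: list, expected: dict) -> list:
    """Return a list of problems; an empty list means the plan is safe to sign."""
    problems = []
    try:
        memo = parse_swap_memo(plan["memo"])
    except (KeyError, ValueError) as exc:
        return [f"memo: unparseable ({exc})"]
    if memo.action not in SWAP_ACTIONS:
        problems.append(f"memo: action {memo.action!r} is not a swap")
    if memo.asset.upper() != expected["target_asset"].upper():
        problems.append(f"memo: target asset {memo.asset} != {expected['target_asset']}")
    if memo.destination != expected["destination"]:
        problems.append("memo: destination is not the address you control")
    if not memo.limit:
        problems.append("memo: no output limit, so no slippage protection")
    if memo.affiliate_bps is not None and memo.affiliate_bps > MAX_AFFILIATE_BPS:
        problems.append(f"memo: affiliate fee {memo.affiliate_bps} bps exceeds disclosed {MAX_AFFILIATE_BPS}")
    if memo.affiliate is not None and memo.affiliate != expected.get("affiliate"):
        problems.append(f"memo: affiliate {memo.affiliate!r} is not the disclosed one")
    # Cross-check the vault against THORChain's own inbound_addresses list.
    entry = next((e for e in inbound if e["chain"] == plan.get("source_chain")), None)
    if entry is None:
        problems.append(f"vault: no inbound entry for chain {plan.get('source_chain')!r}")
        return problems
    if entry.get("halted") or entry.get("global_trading_paused") or entry.get("chain_trading_paused"):
        problems.append(f"vault: {entry['chain']} is halted or trading is paused")
    if not same_address(plan.get("vault_address", ""), entry["address"]):
        problems.append("vault: deposit address is not THORChain's current inbound vault")
    if entry.get("router") and not same_address(plan.get("router", ""), entry["router"]):
        problems.append("vault: router contract does not match THORChain's inbound router")
    return problems


# Constructed sample of an inbound_addresses response (field names follow the public
# endpoint; the addresses are fake).
INBOUND_ADDRESSES = [
    {"chain": "ETH", "address": "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
     "router": "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", "halted": False,
     "global_trading_paused": False, "chain_trading_paused": False},
    {"chain": "BTC", "address": "bc1qexamplevaultaddressconstructed", "router": "",
     "halted": False, "global_trading_paused": False, "chain_trading_paused": False},
]
EXPECTED = {"target_asset": "BTC.BTC", "destination": "bc1qmyownwalletconstructed",
            "affiliate": "forgemb"}
GOOD_PLAN = {"source_chain": "ETH",
             "vault_address": "0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
             "router": "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
             "memo": "=:BTC.BTC:bc1qmyownwalletconstructed:1250000:forgemb:50"}
# What a compromised API might return: attacker vault, attacker destination, 5% fee.
TAMPERED_PLAN = dict(GOOD_PLAN,
                     vault_address="0xcccccccccccccccccccccccccccccccccccccccc",
                     memo="=:BTC.BTC:bc1qattackerwalletconstructed:1250000:forgemb:500")

if __name__ == "__main__":
    print("good plan:", verify_swap_plan(GOOD_PLAN, INBOUND_ADDRESSES, EXPECTED))
    for p in verify_swap_plan(TAMPERED_PLAN, INBOUND_ADDRESSES, EXPECTED):
        print("tampered plan:", p)
```

In practice, fetch the inbound list from a THORNode you trust immediately before each swap (vaults rotate), refuse to sign when the list is empty or stale, and treat the checker's result as only as trustworthy as the node that served the list. The tampered plan above fails on three counts: wrong destination, a 500 bps fee instead of the disclosed 50, and a vault address that is not the current inbound vault.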

Review Dimensions

Purpose & Capability
ok · The name, description, and SKILL.md all describe a THORChain cross‑chain swap router, and the file provides API endpoints, MCP config, and swap/quote/asset examples that match that purpose. No unrelated binaries, credentials, or surprising install steps are requested.
Instruction Scope
note · Runtime instructions direct the agent to call the listed forge API endpoints (/swap/quote, /swap/execute, /swap/assets) and return vault deposit addresses and THORChain memos. The instructions do not attempt to read local files or unrelated environment variables, but they do rely on a third‑party server to construct critical on‑chain parameters (vault address and memo). That is expected for this service but is a trust and safety consideration: if the API is malicious or compromised it could return attacker-controlled addresses/memos.
Install Mechanism
ok · This is instruction-only (no install spec, no code files), so nothing is written to disk by an installer. Lowest install risk.
Credentials
ok · The skill declares no required environment variables or credentials. The SKILL.md shows optional self-host env vars (FEE_RECIPIENT_ADDRESS, SWAP_FEE_BPS, PORT, ALLOWED_ORIGINS), which are reasonable for a forkable/self-hosted service. There are no unexpected secret requests.
Persistence & Privilege
ok · The skill is not always-enabled and does not request persistent system privileges. It is user-invocable and can be invoked autonomously (platform default), which is normal for skills. It does not modify other skills or system config.