Intent Transfer Completion via LI.FI
Security checks across malware telemetry and agentic risk
Overview
The skill's behavior matches its stated LI.FI transfer purpose, but it can sign real cross-chain routes and transfers with a local private key and no visible confirmation step, and the supplied artifacts include files that look like a wallet private key and a provider API key.
Review carefully before installing. Do not fund or use the bundled wallet.txt key; remove or rotate the exposed secrets, and use the skill only with a fresh low-balance wallet or a secure wallet provider. Confirm the exact recipient, chain, token, amount, LI.FI route, approvals, and gas/slippage yourself before allowing any transaction to be signed.
VirusTotal
No VirusTotal findings
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent invocation can create irreversible blockchain approvals, swaps/bridges, and final token transfers.
A single tool call can run the LI.FI route and then send the final transfer; the artifacts do not show a separate quote/confirmation/max-spend gate before signing.
const executedRoute = await executePlannedRoute(plan, localWallet); ... const finalTransferHash = await sendFinalTransfer(plan, localWallet);
Require a quote-only preview and explicit user confirmation of recipient, chain, token, amount, route steps, approvals, gas/slippage, and maximum spend before any transaction is signed.
If an agent or a prompt supplies a different path, the plugin loads whatever private key is at that location, which may be a key with authority over real funds.
The tool contract exposes a local private-key file path as an input and default, while the registry metadata declares no primary credential or required config path.
"walletPath": { "type": "string", "description": "Optional path to a local private-key file. Defaults to './wallet.txt'." }
Declare the signing credential clearly, avoid arbitrary private-key file paths, prefer a scoped wallet provider or hardware-wallet approval flow, and require explicit user selection of the wallet.
Any funds placed in or controlled by the bundled/default key should be considered exposed to anyone who has the artifact.
The supplied artifact includes a 64-hex-character private-key-shaped value in wallet.txt, which other artifacts identify as the default sender private-key file.
7bf67427...b3770
Remove wallet.txt from the package/source artifact, rotate or abandon the exposed wallet, and make the tool fail safely unless the user provides their own secure wallet.
This suggests credential-handling hygiene problems and may expose the publisher's provider key.
A secret-looking LI.FI key is included in the supplied artifacts even though the README says the runtime does not load .env files.
LIFI_KEY = "c101a204-..."
Remove .env from distributed artifacts, rotate the exposed LI.FI key, and declare any required provider credentials through the normal config/credential mechanism.
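The two findings above (a private-key-shaped value in wallet.txt, and a LI.FI key in a shipped .env) are the kind of thing a static check over the package contents catches before install. The following scanner is an added example, not part of ClawScan or of the skill: it walks an in-memory set of artifact files, flags 64-hex values and credential-style NAME=UUID assignments, reports the matches redacted in the same prefix...suffix style used above, skips lockfiles, and demotes a 64-hex value that sits next to a checksum keyword, since SHA-256 digests have the same shape as a secp256k1 private key. The rules, the file set and the demotion heuristic are assumptions of this example.

```javascript
// Added example, not part of ClawScan or the skill: a static check that flags
// private-key-shaped values and provider-key assignments in a package's files
// and reports them redacted. The rules, file set and the lockfile/checksum
// heuristics are this example's assumptions.
const PRIVATE_KEY_RE = /\b(?:0x)?[0-9a-fA-F]{64}\b/g;
// NAME=value where NAME looks like a credential and the value is UUID-shaped
// (the LI.FI key in the artifacts above is UUID-shaped).
const UUID_KEY_RE = /\b([A-Z0-9_]*(?:KEY|TOKEN|SECRET)[A-Z0-9_]*)\s*=\s*["']?([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})["']?/gi;
const ENV_FILE_RE = /(^|\/)\.env(\.[^/]+)?$/;
const LOCKFILE_RE = /(^|\/)(package-lock\.json|yarn\.lock|pnpm-lock\.yaml|Cargo\.lock)$/;
const DIGEST_HINT_RE = /sha-?256|integrity|checksum|digest/i;

// Never echo a whole secret into a report: keep a prefix and suffix for triage only.
function redact(value) {
  return value.length > 13 ? `${value.slice(0, 8)}...${value.slice(-5)}` : "***";
}

// files: { "relative/path": "content" }. Returns findings, highest severity first.
function scanArtifacts(files) {
  const findings = [];
  for (const [file, content] of Object.entries(files)) {
    if (ENV_FILE_RE.test(file)) {
      findings.push({ rule: "env-file-shipped", severity: "medium", file, line: 0, preview: "" });
    }
    if (LOCKFILE_RE.test(file)) continue; // lockfiles are full of hashes, not secrets
    content.split("\n").forEach((text, i) => {
      const line = i + 1;
      for (const m of text.matchAll(PRIVATE_KEY_RE)) {
        // A 64-hex value beside a checksum keyword is more likely a digest than a key.
        const severity = DIGEST_HINT_RE.test(text) ? "info" : "high";
        findings.push({ rule: "evm-private-key", severity, file, line, preview: redact(m[0]) });
      }
      for (const m of text.matchAll(UUID_KEY_RE)) {
        findings.push({ rule: "provider-key-assignment", severity: "high", file, line, preview: `${m[1]}=${redact(m[2])}` });
      }
    });
  }
  const rank = { high: 0, medium: 1, info: 2 };
  return findings.sort((a, b) => rank[a.severity] - rank[b.severity] || a.file.localeCompare(b.file));
}

// Constructed artifact set for the usage below; every value is made up and
// deliberately obvious. The index.js line holds the SHA-256 of the empty string.
const SAMPLE_ARTIFACTS = {
  "wallet.txt": "0123456789abcdef".repeat(4) + "\n",
  ".env": 'LIFI_KEY = "12345678-1234-4321-8765-123456789abc"\n',
  "src/index.js": 'const PIN = "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";\n',
  "README.md": "Set walletPath explicitly; the runtime does not load .env files.\n",
  "package-lock.json": '{"integrity": "sha512-..."}\n',
};

// Usage: scanArtifacts(SAMPLE_ARTIFACTS) -> two "high" findings (wallet.txt key,
// .env LIFI_KEY), one "medium" (.env shipped), one "info" (the pinned digest).
```

Run this against an unpacked skill before installing it; a "high" hit on a file the README says the runtime does not load is still a leaked credential for whoever published it, and the fix is the one given above: remove the file, rotate the key.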
LI.FI and underlying RPC providers can learn wallet addresses and intended route details.
The plugin sends route parameters, including wallet addresses, chains, token addresses, and amounts, to LI.FI; this is expected for routing but privacy-relevant.
getLifiRoutes({ fromChainId: params.fromChain, toChainId: params.toChain, ... fromAddress: params.fromAddress, toAddress: params.toAddress, fromAmount: params.fromAmount.toString() })
Use only if you are comfortable sharing route metadata with LI.FI/RPC providers, and review the provider's privacy and security posture.
