Swap and bridge across 35+ chains with LI.FI

Security checks across malware telemetry and agentic risk

Overview

This skill can prepare real blockchain swap, bridge, and zap transactions, but the artifacts disclose that purpose and include proportionate safety instructions rather than hidden or unrelated behavior.

Install only if you are comfortable with an agent preparing wallet-signable DeFi transactions. Before signing anything, manually verify the chain, token, amount, destination, spender or approval amount, contract-call details, route, slippage, fees, and bridge timing; prefer wallets that require explicit per-transaction approval and avoid unlimited token approvals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium (88% confidence)
Finding
The README promotes swap, bridge, route, and zap operations that can move real on-chain assets, but it does not prominently warn users that generated transactions may spend funds, grant approvals, incur slippage or bridge delays, or cause irreversible loss if misused. In this context, the skill is explicitly designed to produce wallet-ready transaction requests, so understated risk communication increases the chance that users or downstream agents execute high-value actions without informed consent or adequate review.

Vague Triggers

Medium (93% confidence)
Finding
Allowing invocation via an unrestricted 'natural language request' makes the skill trigger scope ambiguous and increases the chance the agent routes loosely related user input into a high-risk fund-moving workflow. In this skill's context, that ambiguity is more dangerous than usual because the downstream actions can generate executable blockchain transactions, potentially leading to unintended swaps, bridges, or disclosure of wallet-related data.

Missing User Warnings

High (97% confidence)
Finding
The skill repeatedly instructs the agent to return 'transactionRequest' objects ready for signing, but it does not explicitly warn that signing such transactions can irreversibly transfer or approve assets. In a cross-chain DeFi context, this omission is high risk because users may interpret the response as informational rather than as executable authority to move funds, and bridge/swap failures can still leave assets spent or in transit.

VirusTotal

66/66 vendors flagged this skill as clean.
