bridging
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only Celo bridging guide, but users should carefully verify bridge URLs, contract addresses, and any wallet transaction before approving it.
This skill appears to be a reference guide rather than executable malware. Before installing or using it, treat all bridge transactions as high-impact: verify official URLs and contract addresses, confirm the exact chain and amount, and never approve a wallet signature unless you understand what it will do.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user or agent runs similar code with the wrong amount, chain, or contract, funds could be moved or lost and gas fees spent.
The skill includes an example that can initiate an on-chain bridge transaction moving ETH value. This is central to the skill's purpose, but it is financially impactful.
const hash = await walletClient.writeContract({ ... functionName: "wrapAndBridge", ... value: parseEther(amount) });Require explicit user approval before any bridge transaction, and verify the chain, amount, recipient behavior, contract address, and wallet prompt before signing.
The user's wallet address may be accessed, and wallet prompts may request permission to sign transactions that move assets.
The example uses a connected browser wallet account. This is expected for blockchain bridging, but it involves wallet identity and transaction-signing authority.
transport: custom(window.ethereum) ... const [address] = await walletClient.getAddresses();
Only connect trusted wallets, inspect every wallet prompt, and do not let an agent sign or submit transactions without a clear user instruction.
Using outdated or spoofed bridge links or contract addresses could lead to failed transactions or loss of funds.
The registry-level provenance is limited for a skill that provides bridge URLs and contract addresses. The artifacts do include source references and verification reminders, so this is a caution rather than a concern.
Source: unknown; Homepage: none
Verify bridge URLs and contract addresses against official Celo documentation and block explorers before using them.