ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DEX Arbitrage DEX套利

v2025.4.12

DEX搬砖套利助手。当用户需要寻找不同DEX间的价格差异、执行跨交易所套利、监控搬砖机会、计算套利收益或设计自动化搬砖策略时使用。支持跨DEX套利、跨链套利、三角套利、闪电贷套利、CEX-DEX套利等多种搬砖模式,涵盖以太坊、BSC、Arbitrum等多链生态。

0· 421·0 current·0 all-time
by@shenmeng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchasesCan sign transactions
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill’s code (price monitor, arbitrage calculator, flashloan generator) matches the DEX arbitrage purpose. However the package embeds a SkillPay billing integration (meta.json + payment.py + SKILL.md payment instructions). The registry metadata provided to the scanner lists no required env vars, but meta.json declares SKILLPAY_API_KEY and SKILLPAY_USER_ID as required — an inconsistency. Charging users can be legitimate for a paid skill, but the billing implementation (see hardcoded API key) is unexpected and needs justification.
!
Instruction Scope
SKILL.md instructs the agent to run/offer scripts and to use external services (Flashbots, private RPCs) which is appropriate for arbitrage. But the documentation references files that do not appear in the manifest (e.g., scripts/flashloan_arbitrage.sol, cross_chain_arbitrage.py), creating a mismatch. The runtime instructions also require performing network calls (payment endpoint, RPCs) and potentially deploying/using contracts — actions that require private keys and credentials that are not declared or scoped in the skill. That vagueness grants broad discretion and is a risk for accidental misuse.
Install Mechanism
This is instruction-plus-code with no install spec; nothing is downloaded or extracted at install time. That lowers the install-time risk surface. The included Python scripts will perform network calls at runtime, but there is no installer that pulls arbitrary remote code.
!
Credentials
There is a clear mismatch between declared required env vars (none) and the skill internals: meta.json declares SKILLPAY_API_KEY and SKILLPAY_USER_ID as required, and payment.py reads SKILLPAY_USER_ID from the environment. Worse: payment.py contains a long hardcoded BILLING_API_KEY string in plaintext. Embedding an API key in code is a significant security/operational risk (exfiltration, unauthorized charges, key compromise) and is disproportionate to the documented arbitrage functionality.
Persistence & Privilege
always is false and the skill does not request system-wide configuration changes. The agent can invoke the skill autonomously (platform default). Combined with the billing calls and network-enabled scripts, autonomous invocation increases blast radius, but autonomous invocation alone is normal and not flagged by itself.
Scan Findings in Context
[hardcoded_skillpay_api_key] unexpected: payment.py contains a long hardcoded BILLING_API_KEY value. Hardcoded private API keys are unsafe and not expected for a client-side skill; they enable the repository (or anyone running it) to make privileged calls and may indicate leaked credentials.
[meta_payment_envs_declared] expected: meta.json declares SKILLPAY_API_KEY and SKILLPAY_USER_ID as required for billing. Declaring payment credentials is reasonable for a paid skill, but this conflicts with the registry 'Required env vars: none' and payment.py's use of a hardcoded key instead of relying on an env var.
[referenced_files_missing] unexpected: SKILL.md references files (e.g., scripts/flashloan_arbitrage.sol, scripts/cross_chain_arbitrage.py) that are not present in the file manifest. This inconsistency could be sloppy packaging or an attempt to mislead about included functionality.
What to consider before installing
This skill contains real arbitrage code but also includes a built-in billing integration with a hardcoded API key and inconsistent metadata. Treat it as suspicious: do not run it with any sensitive credentials or deploy it in production. Before using/installing, ask the maintainer to: (1) remove the hardcoded BILLING_API_KEY and move secret keys to documented environment variables, (2) reconcile meta.json vs registry-required env vars, (3) provide the missing referenced files or fix SKILL.md, and (4) explain who controls the SkillPay account and how charges are handled. If you must test it, run it in an isolated sandbox with network egress restricted and no wallet/private keys present. Avoid entering personal/private keys or wallet secrets until these issues are resolved.

Like a lobster shell, security has layers — review code before you run it.

latestvk9760tp9v405ghzma4m6wxmbq584m8h0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments