ClawHub

KyberSwap Arbitrage

Perform triangular arbitrage on Base via KyberSwap by finding profitable token swaps, calculating optimal paths, and executing multi-hop trades with gas and...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 540 · 2 current installs · 2 all-time installs
by@HarleysCodes
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to discover and execute on-chain triangular arbitrage on Base (KyberSwap). Executing swaps requires a web3 provider (RPC), a signing wallet/private key, and funded account(s). The registry metadata and SKILL.md declare no required env vars, credentials, or RPC endpoints — this is inconsistent with the stated purpose.
Instruction Scope
SKILL.md contains concrete ethers.js calls (getAmountsOut, swapExactTokensForTokens), contract addresses, and safety checks (slippage, gas, reserves). It does not instruct reading local files or unrelated system secrets, but it implicitly requires access to a provider and signer which are not declared. The instructions are narrowly scoped to arbitrage logic but leave out how to obtain RPC/provider and signing authority.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — nothing will be written to disk by the platform installer. That is the lower-risk and expected format for a guide-style skill.
!
Credentials
No environment variables or credentials are declared, yet the functionality necessarily requires sensitive credentials (RPC URL, private key or wallet access) and funded accounts. The absence of declared secrets is disproportionate to the capability and is a red flag for missing/incomplete specification or potential hidden expectations about how the agent should obtain keys.
Persistence & Privilege
The skill does not request always:true, does not declare any config paths, and does not appear to modify system or other-skill settings. No persistence or elevated platform-wide privilege is requested.
What to consider before installing
This skill contains reasonable arbitrage logic but is missing critical operational detail: how it will connect to Base (RPC) and sign transactions (private key or wallet). Before installing or running it, ask the publisher for source code and an explicit list of required environment variables (RPC_URL, PRIVATE_KEY or signer method), and verify where those values would be provided. Never paste your private key into a skill UI or provide it to an untrusted skill. If you plan to use the skill, test on a non-production network with a wallet funded with minimal funds; verify all contract and token addresses on a block explorer; prefer using a hot wallet with limited funds or a dedicated small-balance account; require explicit, auditable transaction signing (i.e., sign transactions locally/offline) rather than giving the skill custody of keys. If the publisher cannot provide source or clarify how credentials are handled, treat the skill as unsafe to run with real funds.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97acq2epx478wrx8qe294mzhd8157q1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

KyberSwap Arbitrage

Overview

Triangular arbitrage: profit from price differences between 3 tokens (e.g., USDC → ETH → USDT → USDC)

Key Contracts (Base Mainnet)

  • Router: 0x6131B5fae19EA4f9D964eAc0408E4408b2a37dD8
  • Factory: 0x5F1dddbf348aC2BEbe18559BF0eDE9D3fE6ce35f

Core Logic

1. Get Quotes

const router = new ethers.Contract(routerAddr, routerABI, provider);

// Get amounts out for exact input
const [amountOut] = await router.getAmountsOut(
  amountIn,      // Wei amount
  [tokenA, tokenB, tokenC] // Path
);

2. Calculate Profit

profit = finalAmount - initialAmount - gasCosts

3. Execute Swap

const tx = await router.swapExactTokensForTokens(
  amountIn,
  amountOutMin,
  path,
  recipient,
  deadline
);

Token Addresses (Base)

  • USDC: 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913
  • USDT: 0xfde4C96c85940E8F44A6D8d5e4fD4f4C4f9D8E8
  • ETH: 0x4200000000000000000000000000000000000006
  • WETH: 0x4200000000000000000000000000000000000006

Arbitrage Pairs (Base)

Common triangular paths:

  • USDC → ETH → USDC
  • USDC → WETH → USDT → USDC
  • USDT → ETH → USDC → USDT

Safety Checks

  1. Slippage: Set amountOutMin = output * (1 - slippage%)
  2. Gas: Estimate gas, ensure profit > gas
  3. Max Price Impact: Check pool reserves before large trades
  4. Renounced Contracts: Only trade tokens with renounced ownership

Risk Profile

  • Aggressive but audit-first
  • Skip all non-renounced contracts
  • Check for honeypot tokens

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…