ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

b402 Private DeFi

v0.4.2

Private DeFi for AI agents. Shield tokens into a Railgun ZK privacy pool, swap privately, lend into Morpho vaults for yield, and bridge cross-chain via LI.FI...

0· 53·0 current·0 all-time
by@mmchougule

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mmchougule/b402-private-defi.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "b402 Private DeFi" (mmchougule/b402-private-defi) from ClawHub.
Skill page: https://clawhub.ai/mmchougule/b402-private-defi
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: WORKER_PRIVATE_KEY
Required binaries: node, npx
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install b402-private-defi

ClawHub CLI

Package manager switcher

npx clawhub@latest install b402-private-defi
Security Scan
Capability signals
CryptoRequires walletRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Requiring node/npx and a private key is coherent for a DeFi SDK that must sign transactions. The declared npm package (b402-mcp) aligns with the described MCP server. However, the SKILL.md explicitly says the installer will 'patch your Claude Desktop config' and 'register the MCP server' which are not intrinsic to 'shield/swap/lend/bridge' operations and suggest broader system integration.
!
Instruction Scope
The SKILL.md instructs running npx b402-mcp@latest which will generate ~/.b402/wallet.json, patch Claude Desktop config, and register an MCP server. Those steps read/write user home files and modify another agent's configuration — actions outside the minimal scope of a DeFi SDK and that grant long-lived capabilities and persistence.
Install Mechanism
Installation uses an npm package (b402-mcp) which is a traceable registry source (moderate risk). However, the recommended npx @latest pattern downloads and runs whatever is published at runtime, which increases supply-chain risk compared to installing a pinned, reviewed release.
!
Credentials
The skill only declares a single required credential (WORKER_PRIVATE_KEY), which is appropriate for signing transactions. But the installer also writes a wallet file to disk (~/.b402/wallet.json) and patches desktop config — this implies storing private keys locally and giving the tool persistent access to the agent environment. The SKILL.md does not clarify whether the wallet file is encrypted, whether the env key is copied there, or why both a generated wallet and an env private key are needed.
!
Persistence & Privilege
The skill will persist credentials to disk and modify another agent's (Claude Desktop) configuration and 'register' an MCP server. Modifying other agent configs and registering services increases the blast radius and is outside the typical scope of a single-purpose skill.
What to consider before installing
This skill is plausible for private DeFi, but it requires strong trust before you install or run it. Key things to consider before installing: 1) It asks for WORKER_PRIVATE_KEY — feeding a raw private key to any tool gives it full control over funds; prefer using ephemeral accounts or hardware signing if possible. 2) The installer (npx b402-mcp@latest) will create ~/.b402/wallet.json — confirm whether that file stores an unencrypted private key. 3) The installer will 'patch your Claude Desktop config' and 'register the MCP server' — understand exactly what config is changed and what network endpoints the MCP server opens (is it locally bound only, or exposed remotely?). 4) npx @latest runs code fetched at install-time: review the npm package source (b402-mcp) and the referenced GitHub repo before running; prefer pinned versions and inspect the package contents. 5) If you plan to proceed, test in an isolated environment (VM/container) with small amounts or a throwaway account first. Ask the publisher for: (a) a clear explanation of what 'patch Claude Desktop config' does, (b) whether ~/.b402/wallet.json is encrypted, (c) whether WORKER_PRIVATE_KEY is strictly required or optional, (d) the exact network interfaces/ports the MCP server binds to and whether it requires authentication, and (e) a pinned package release and reproducible build/source link so you can audit the code.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔐 Clawdis
Binsnode, npx
EnvWORKER_PRIVATE_KEY
Primary envWORKER_PRIVATE_KEY

Install

Node
Bins: b402-mcp
npm i -g b402-mcp
arbitrumvk974ce4wdyqxwpkf1yxp14qwys84y53ebasevk974ce4wdyqxwpkf1yxp14qwys84y53ecross-chainvk974ce4wdyqxwpkf1yxp14qwys84y53edefivk974ce4wdyqxwpkf1yxp14qwys84y53eerc-4337vk974ce4wdyqxwpkf1yxp14qwys84y53egaslessvk974ce4wdyqxwpkf1yxp14qwys84y53elatestvk974ce4wdyqxwpkf1yxp14qwys84y53elifivk974ce4wdyqxwpkf1yxp14qwys84y53emorphovk974ce4wdyqxwpkf1yxp14qwys84y53eprivacyvk974ce4wdyqxwpkf1yxp14qwys84y53erailgunvk974ce4wdyqxwpkf1yxp14qwys84y53ezkvk974ce4wdyqxwpkf1yxp14qwys84y53e
53downloads
0stars
1versions
Updated 1w ago
v0.4.2
MIT-0
@mmchougule
arbitrumbasecross-chaindefierc-4337gaslesslatestlifimorphoprivacyrailgunzk
Download

b402 — Private DeFi for AI Agents

Shield. Swap. Lend. Bridge. All private. All gasless.

b402 wraps Railgun's ZK privacy pool with an agent-friendly SDK and MCP server. On-chain observers see "RelayAdapt called a DEX" — not your wallet, not your strategy.

Install

npx b402-mcp@latest --claude

This generates a wallet at ~/.b402/wallet.json, patches your Claude Desktop config, and registers the MCP server. Fund the wallet with USDC on Base to start.

Tools

ToolWhat it does
check_pool_balanceShow shielded balances, wallet state, vault positions
shield_usdcMove USDC into the Railgun privacy pool (gasless)
private_swapSwap tokens inside the pool via ZK proof (USDC↔WETH, etc.)
lend_privatelyDeposit into Morpho vault from pool (~4-8% APY)
redeem_privatelyWithdraw from Morpho vault back to pool
cross_chain_privatelyPrivate cross-chain transfer or swap via LI.FI (Base→Arb, etc.)
get_swap_quotePreview swap rates without executing
run_strategyMulti-step: swap + lend + reserve in one call

Example prompts

  • "Check my privacy pool balance"
  • "Shield 5 USDC into the pool"
  • "Swap 2 USDC to WETH privately"
  • "Privately send 1 USDC to 0xABC... on Arbitrum"
  • "Private cross-chain swap: 1 USDC from pool to ARB on Arbitrum, to 0xABC..."
  • "Lend 10 USDC in the steakhouse vault"
  • "Run a yield strategy: 30% WETH, 50% lend, 20% reserve"

How it works

Agent prompt → MCP tool call → b402-sdk
  → Railgun ZK proof (client-side, 10-30s)
  → RelayAdapt atomic tx (unshield → DeFi op → reshield)
  → On-chain: only RelayAdapt visible. No wallet linked.

Cross-chain: LI.FI routes through ~30 bridges + ~20 DEXes. Source and destination are unlinkable.

Supported chains

ChainIDPrivacy poolCross-chain
Base8453Yes (0% fee)Source + dest
Arbitrum42161Yes (0% fee)Dest only (v1)
BSC56Yes (0% fee)Dest only (v1)

SDK usage (for builders)

import { B402 } from '@b402ai/sdk'

const b402 = new B402({ privateKey: process.env.WORKER_PRIVATE_KEY! })

// Shield into privacy pool (gasless)
await b402.shieldFromEOA({ token: 'USDC', amount: '10' })

// Private swap inside pool
await b402.privateSwap({ from: 'USDC', to: 'WETH', amount: '5' })

// Private cross-chain (LI.FI routing)
await b402.privateCrossChain({
  toChain: 'arbitrum',
  fromToken: 'USDC',
  toToken: 'ARB',
  amount: '1',
  destinationAddress: '0x...',
})

// Private lend (Morpho vaults, 4-8% APY)
await b402.privateLend({ amount: '10', vault: 'steakhouse' })

Links

Comments

Loading comments...