Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
SushiSwap SDK
v0.1.0TypeScript SDK for interacting with the SushiSwap Aggregator and related primitives. This SDK is a typed wrapper over the SushiSwap API, providing ergonomic helpers for token amounts, prices, quotes, and swap transaction generation. USE THIS SKILL WHEN: - Building TypeScript or JavaScript applications - You want strongly typed token, amount, and fraction primitives - You need to request swap quotes or executable swap transactions via code - You want safer arithmetic, formatting, and comparisons without floating point errors - You prefer SDK-based integration over raw HTTP requests
⭐ 0· 1.3k·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (TypeScript SDK for SushiSwap aggregator) aligns with the SKILL.md content: examples show getQuote/getSwap, use of viem for RPC/wallet clients, and guidance about referrer and fee splits. The requested npm packages (sushi, viem) are consistent with the stated purpose.
Instruction Scope
The reference example instructs reading process.env.PRIVATE_KEY and using it to create/send transactions. That is sensitive I/O and is not reflected in the declared requirements. The SKILL.md otherwise stays within the SDK's scope, but the example explicitly demonstrates accessing and using a private key, which the skill metadata fails to surface.
Install Mechanism
There is no install spec (instruction-only) and the SKILL.md simply recommends installing 'sushi' and 'viem' via common package managers. This is low-risk in itself, but because the skill has unknown provenance, installing packages from the registry should be done cautiously.
Credentials
The skill metadata declares no required environment variables, yet the reference code reads process.env.PRIVATE_KEY to sign/send transactions. Asking for a private key (or demonstrating its use) is a high-sensitivity action and should be explicitly declared and justified. There is also a mandatory 'referrer' parameter (for affiliate/fee attribution), which may have economic implications but is not a secret; however the private key usage is not documented in requires.env.
Persistence & Privilege
The skill is not always-enabled (always:false) and is user-invocable. Autonomous invocation is allowed by default, which is normal. Because the skill can generate executable swap data and (per examples) request signing via an env private key, an agent invoking this skill autonomously could attempt to execute on-chain transactions if given credentials — users should be cautious about granting signing credentials to autonomous agents.
What to consider before installing
This skill appears to be a legitimate SDK wrapper for SushiSwap, but there are important mismatches and provenance gaps you should address before installing or using it:
- The reference examples show reading process.env.PRIVATE_KEY to sign and send transactions, yet the skill metadata does not declare any required environment variables. Do not provide your private key to this skill (or to an agent) unless you fully trust the source and understand exactly when and how it will be used.
- The skill source and homepage are unknown. Verify the package author and locate the official repository or npm package named 'sushi' before installing — typosquatting and fake packages are common on registries.
- If you need to execute swaps, prefer signing transactions offline or with a hardware wallet / ephemeral key that has minimal funds and limited permissions. Never store high-value keys in plain process.env for untrusted agents.
- Ask the skill author to: (1) declare required env vars (e.g., PRIVATE_KEY) in metadata, (2) document exactly how referrer is used and whether any revenue/affiliate behavior occurs, and (3) provide a source repository or official homepage so you can audit the package code.
If you can't verify provenance or the author cannot clarify the env/credential handling, treat this skill as untrusted and avoid giving it signing keys or broad access.Like a lobster shell, security has layers — review code before you run it.
latestvk97fvm29t263ysgkks7gzp8prs80j73z
License
MIT-0
Free to use, modify, and redistribute. No attribution required.