Veillabs Integration
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for a Veillabs crypto DEX integration, but it can create swap and distribution orders without clearly requiring final user confirmation.
Review this skill carefully before installing. It appears purpose-built for Veillabs, but because it deals with crypto swaps and multi-wallet distributions, only use it with a trusted API URL and require manual confirmation before creating any order or sending funds.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could initiate a swap or distribution order with incorrect amounts or wallet destinations, and a user who follows the generated deposit instructions could suffer irreversible crypto loss.
The skill directs the agent to create crypto swap and multi-destination distribution orders, but the rules only require validation of pairs and minimum amounts; they do not require final user approval before creating financially sensitive orders.
Create the swap via `POST /api/exchanges` ... Create via `POST /api/seed/create`
Require explicit user confirmation before every order-creation POST, including the exact source asset, destination asset, amount, destination addresses, estimated output, fees if available, and deposit address.
Wallet addresses, amounts, and transaction tracking details may be sent to the configured Veillabs API endpoint.
The helper sends request bodies to a configured or default external API endpoint. For this skill, those request bodies can include wallet addresses, transaction amounts, and destination splits.
BASE_URL="${VEILLABS_BASE_URL:-https://trade.veillabs.app/api}" ... curl "${CURL_ARGS[@]}"Verify that VEILLABS_BASE_URL points to the intended trusted Veillabs endpoint, preferably over HTTPS, before using the skill for real transactions.
Users have less provenance information for deciding whether to trust this integration with crypto transaction workflows.
The skill is a crypto integration, and the provided metadata does not identify a source repository or publisher provenance beyond the registry owner and homepage.
Source: unknown
Install only if you trust the publisher and have verified the homepage/API endpoint independently.