ClawHub

Uniswap Cross Chain Swap

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned, but it can delegate real cross-chain fund movement without clearly requiring final user approval after the exact quote and fees are known.

Review before installing. Use only if you trust the publisher and can inspect or trust the referenced executor. Before any swap, require the agent or wallet to show the exact source and destination chains, tokens, amount, recipient, route, estimated received amount, fees, slippage, transaction data, and irreversibility, then obtain explicit user approval or wallet signing before funds move.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger examples include broad phrases like "Cross-chain swap" and "Swap tokens across chains," which can cause the skill to activate on vague user intents without sufficiently confirming transaction details. In a fund-moving blockchain context, overbroad activation increases the chance of the agent initiating or preparing irreversible financial actions from ambiguous requests.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill description omits a clear warning that this capability can move user funds and trigger irreversible on-chain transactions across chains. In a cross-chain swap context, missing this warning makes accidental invocation and unsafe delegation more dangerous because users may not realize the action has financial and irreversible consequences.

VirusTotal

48/48 vendors flagged this skill as clean.

View on VirusTotal