Skills
skills/openclaw/skills/sushiswap-sdk/Gen Agent Trust Hub

sushiswap-sdk

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill implements a workflow where data fetched from an external API (sushi SDK) is directly used to perform high-stakes write operations on the blockchain.
  • Ingestion points: The response from the getSwap() function in REFERENCE.md.
  • Boundary markers: None present; the code assumes the integrity of the fetched transaction data.
  • Capability inventory: Use of walletClient.sendTransaction to execute arbitrary calldata.
  • Sanitization: No validation or simulation of the calldata is performed before execution.
  • Data Exposure & Exfiltration (MEDIUM): The reference code (REFERENCE.md) explicitly demonstrates accessing a PRIVATE_KEY from environment variables to sign transactions. This practice exposes sensitive credentials to the agent's runtime environment, making them susceptible to exposure via other injection vectors.
  • Unverifiable Dependencies (MEDIUM): The skill instructs users to install the sushi and viem packages. While viem is a common library, the sushi package belongs to an organization not included in the trusted source list, making it an unverifiable dependency.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 14, 2026, 06:01 PM