BYOCB ArbInjectionSkill

by CryptoToolDev (@cryptotooldev) · GitHub · v1.0.0 · cross-platform · ⚠ suspicious

Downloads: 1372 · Stars: 0 · Active Installs: 0 · Versions: 2

Install in OpenClaw: /install arb-injection
Description
BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities. Monitor chains in real-time or scan specific addresses.
README (SKILL.md)

BYOCB ArbInjectionSkill

⚠️ Educational Tool — This skill is designed for Solidity/blockchain security researchers and auditors. Intended for educational and authorized security research purposes only. Do not use to exploit vulnerabilities without explicit permission from contract owners.

Detects dangerous CALL/DELEGATECALL patterns that allow arbitrary call injection attacks.

How It Works

ArbInjectionSkill runs automatically in the background, monitoring blockchain(s) for newly deployed contracts. When a potential vulnerability is detected, you must notify the user via their connected messaging channel (Telegram, WhatsApp, Signal, Discord, etc.).

Install

git clone https://github.com/BringYourOwnBot/arb-injection.git
cd arb-injection
npm install

Running the Monitor

Start as a background session for continuous monitoring:

node index.js <chain> [--no-llm]

Chains: eth, bsc, base, arb, op, polygon, hyper

The monitor will:

  1. Subscribe to new blocks
  2. Detect contract deployments
  3. Scan bytecode for vulnerabilities
  4. Save findings to ./results/

Alerting Users

Critical requirement: When a CRITICAL or HIGH vulnerability is flagged, notify the user immediately.

Check for new findings periodically (via heartbeat or cron):

# Find findings from last 30 minutes
find ./results -name "*.md" -mmin -30

When new findings exist with verdict CRITICAL or HIGH:

  1. Read the .md report
  2. Verify it's not a known false positive (see below)
  3. Send alert via message tool to user's preferred channel

Example alert:

🚨 ArbInjection Alert: Potential vulnerability detected

Chain: BSC
Contract: 0x1234...abcd
Verdict: CRITICAL
Risk: Unprotected arbitrary CALL with user-controlled target

[Link to explorer]

Manual Scan

Scan a specific contract on-demand:

node modules/scan-arbitrary-call.js <address> --rpc <chain>

Interpreting Results

Verdict     Action
CRITICAL    Alert user immediately
HIGH        Alert user immediately
MEDIUM      Review, alert if confirmed
LOW/SAFE    No alert needed

Results saved to ./results/ as .json and .md files.

False Positives

Do NOT alert for these patterns (safe by design):

  • Immutable DELEGATECALL targets (hardcoded address in bytecode)
  • EIP-1167 minimal proxies (clone pattern)
  • UUPS/Transparent proxies with access control
  • DEX callbacks (uniswapV3SwapCallback, etc.)
  • Known safe contracts: Multicall3, 1inch, Uniswap, Permit2

Verify before alerting: Check if the flagged CALL target is:

  • Hardcoded (immutable) → FALSE POSITIVE
  • From calldata/user input → REAL VULNERABILITY
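The hardcoded-versus-calldata check in the two bullets above, as an added example that is not code from the arb-injection project: a provenance ("taint") heuristic over raw EVM bytecode that tags each stack slot with where its value came from and reports the tag of every CALL/DELEGATECALL target. It assumes straight-line code between basic-block boundaries (the tracked stack is dropped at any unmodelled opcode), and the bytecode samples and the verdict mapping are constructed for this example.

```javascript
// Added example, not the arb-injection project's own code: each stack slot is tagged
// 'const' (hardcoded PUSH), 'calldata' (chosen by the caller) or 'unknown', and every
// CALL/DELEGATECALL is reported with the tag of its target-address slot.
// Pure opcodes (ADD, MUL, SUB, DIV, LT, EQ, ISZERO, AND, OR, XOR, NOT, BYTE, SHL, SHR)
// mapped to their input count; each pushes one result and taint flows through it.
const PURE_OPS = { 0x01: 2, 0x02: 2, 0x03: 2, 0x04: 2, 0x10: 2, 0x14: 2, 0x15: 1,
  0x16: 2, 0x17: 2, 0x18: 2, 0x19: 1, 0x1a: 2, 0x1b: 2, 0x1c: 2 };
// Other modelled opcodes -> [inputs, outputs]; their outputs are tagged 'unknown'.
const OTHER_OPS = { 0x30: [0, 1], 0x33: [0, 1], 0x34: [0, 1], 0x36: [0, 1], 0x37: [3, 0],
  0x3b: [1, 1], 0x3d: [0, 1], 0x50: [1, 0], 0x51: [1, 1], 0x52: [2, 0], 0x54: [1, 1], 0x5a: [0, 1] };
function classifyCallTargets(hex) {
  const code = Buffer.from(hex.replace(/^0x/, ''), 'hex'); const findings = [];
  let stack = []; // stack top is the last array element
  const popN = (n) => stack.splice(Math.max(0, stack.length - n)).reverse(); // top first
  for (let pc = 0; pc < code.length; pc++) {
    const op = code[pc];
    if (op >= 0x60 && op <= 0x7f) {            // PUSH1..PUSH32: hardcoded constant
      stack.push('const'); pc += op - 0x5f;    // skip the immediate bytes
    } else if (op >= 0x80 && op <= 0x8f) {     // DUP1..DUP16
      stack.push(stack[stack.length - (op - 0x7f)] ?? 'unknown');
    } else if (op >= 0x90 && op <= 0x9f) {     // SWAP1..SWAP16
      const top = stack.length - 1, i = top - (op - 0x8f);
      if (i >= 0) [stack[top], stack[i]] = [stack[i], stack[top]];
    } else if (op === 0x35) {                  // CALLDATALOAD: value chosen by the caller
      popN(1); stack.push('calldata');
    } else if (op === 0xf1 || op === 0xf4) {   // CALL / DELEGATECALL; top first: gas, addr, ...
      const args = popN(op === 0xf1 ? 7 : 6);
      findings.push({ pc, op: op === 0xf1 ? 'CALL' : 'DELEGATECALL', target: args[1] ?? 'unknown' });
      stack.push('unknown');                   // success flag
    } else if (op in PURE_OPS) {
      const args = popN(PURE_OPS[op]);
      stack.push(args.includes('calldata') ? 'calldata'
        : args.length === PURE_OPS[op] && args.every((t) => t === 'const') ? 'const' : 'unknown');
    } else if (op in OTHER_OPS) {
      popN(OTHER_OPS[op][0]);
      for (let k = 0; k < OTHER_OPS[op][1]; k++) stack.push('unknown');
    } else {
      stack = [];              // JUMPDEST, JUMPI, SSTORE, ...: block boundary or unmodelled op
    }
  }
  return findings;
}
const verdictFor = (tag) => ({ calldata: 'CRITICAL', const: 'SAFE' }[tag] ?? 'MEDIUM'); // this example's mapping
// Constructed bytecode, not from any real contract: a proxy-style DELEGATECALL to a
// PUSH20 constant, and a CALL whose address is CALLDATALOAD(4) masked to 160 bits.
const HARDCODED = '0x6000600036600073' + 'aa'.repeat(20) + '5af4';
const USER_TARGET = '0x60006000600060006000' + '600435' + '73' + 'ff'.repeat(20) + '165af1';
for (const f of [...classifyCallTargets(HARDCODED), ...classifyCallTargets(USER_TARGET)])
  console.log(f.op, 'at pc', f.pc, '->', f.target, verdictFor(f.target));
```

A target the heuristic cannot resolve (for example one loaded with SLOAD) comes out as 'unknown', which this example maps to the README's MEDIUM verdict, i.e. review before alerting.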

Environment

Optional .env file:

ANTHROPIC_API_KEY=sk-ant-...   # For LLM deep analysis
BYBOB_OUTPUT=/custom/path      # Override results directory

Maintenance

Daily update required. Detection patterns and fixes are pushed frequently.

cd /path/to/arb-injection
git pull origin main
npm install  # If package.json changed

Schedule daily update check (09:00):

{
  "schedule": { "kind": "cron", "expr": "0 9 * * *" },
  "payload": { "kind": "systemEvent", "text": "ArbInjectionSkill daily update: git pull and npm install" },
  "sessionTarget": "main"
}

Source

Repository: https://github.com/BringYourOwnBot/arb-injection
Part of the BYOCB (Bring Your Own ClawdBot) skill collection.

Usage Guidance
This skill looks like a legitimate EVM-scanning tool, but the SKILL.md asks you to clone and run third-party Node code and to notify external messaging channels while the registry metadata declares no installs, binaries, or credentials. Before installing or running it:

  1. Review the GitHub repository and package.json for malicious postinstall scripts or unexpected network calls.
  2. Run the code in an isolated environment (VM/container) and inspect index.js and any modules that send network requests.
  3. Do not provide messaging API tokens or other secrets until you verify how alerts are delivered.
  4. Prefer running scans manually or under your own monitored service rather than allowing silent background/auto-update behavior.
  5. Ask the publisher to update registry metadata to list required binaries (git, node, npm), required env vars, and an install spec, or to provide a vetted package/release.

If you cannot audit the repository, treat this skill as high-risk and avoid granting it persistent or credentialed access.
Capability Analysis
Type: OpenClaw Agent Skill
The skill is classified as suspicious due to its high-privilege capabilities and potential for supply chain risk. Specifically, the `SKILL.md` file instructs the OpenClaw agent to schedule a daily cron job to perform `git pull origin main` and `npm install` from `https://github.com/BringYourOwnBot/arb-injection`. While framed as maintenance, this grants the skill persistent self-update capabilities, allowing it to fetch and execute new code from a remote repository without further explicit user consent, which is a significant supply chain vulnerability. Additionally, the skill is instructed to run as a 'background session' for continuous monitoring, implying persistence, and to use a `message` tool for external communication (alerting).
Capability Assessment
Purpose & Capability
The description (scan/monitor EVM contracts) is consistent with the runtime instructions. However, the skill metadata declares no required binaries or install steps while the SKILL.md explicitly requires git, node, and npm and a GitHub repository. The missing declaration of those runtime requirements is an incoherence.
Instruction Scope
The instructions tell the agent to git clone a repository, npm install, run node index.js as a background monitor, read and write ./results/, periodically check results, and notify users via messaging channels. Those steps involve network downloads, code execution, filesystem writes, and external notifications — all beyond what the metadata describes and granting substantial runtime discretion.
Install Mechanism
Although the registry lists no install spec, SKILL.md instructs cloning https://github.com/BringYourOwnBot/arb-injection.git and running npm install. That directs the agent to fetch and execute third-party code (extract/run), which is higher risk and should have been declared or curated. The lack of an explicit install manifest in the registry but an explicit install flow in SKILL.md is inconsistent.
Credentials
The metadata declares no required env vars or credentials, but SKILL.md references an optional ANTHROPIC_API_KEY and suggests notifying users over channels (Telegram/WhatsApp/Signal/Discord) without specifying required tokens. This mismatch leaves unclear what secrets the skill needs and how they will be used — and the instructions ask the agent to access and possibly transmit findings externally.
Persistence & Privilege
The skill metadata does not set always:true or other persistence flags, yet the instructions assume continuous background monitoring, cron/heartbeat checks, and a daily auto-update git pull/npm install. That indicates intended persistent behavior not reflected in the registry privileges, increasing risk if the agent were to autonomously implement persistence.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install arb-injection
  3. After installation, invoke the skill by name or use /arb-injection
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial public release.
  • Scan EVM smart contracts for arbitrary call injection vulnerabilities.
  • Real-time monitoring of blockchain contract deployments on major EVM chains.
  • Immediate user alerts for CRITICAL and HIGH severity findings.
  • Manual scan capability for specific addresses.
  • Built-in false positive detection for common safe patterns and known contracts.
  • Results saved to local directory for review and alerting workflows.
v0.1.0
  • Initial release of arb-injection skill for scanning EVM contracts for arbitrary call injection vulnerabilities.
  • Monitors supported chains in real-time or allows manual scanning of specific contract addresses.
  • Automatically detects and reports dangerous CALL/DELEGATECALL patterns.
  • Critical or high-severity findings require immediate alert to the user via their preferred messaging channel.
  • Built-in support for result filtering and false positive reduction, especially for proxy and DEX-related contracts.
  • Easy install and update instructions provided for ongoing maintenance.
Metadata
Slug arb-injection
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is BYOCB ArbInjectionSkill?

BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities. Monitor chains in real-time or scan specific addresses. It is an AI Agent Skill for Claude Code / OpenClaw, with 1372 downloads so far.

How do I install BYOCB ArbInjectionSkill?

Run "/install arb-injection" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is BYOCB ArbInjectionSkill free?

Yes, BYOCB ArbInjectionSkill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does BYOCB ArbInjectionSkill support?

BYOCB ArbInjectionSkill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created BYOCB ArbInjectionSkill?

It is built and maintained by CryptoToolDev (@cryptotooldev); the current version is v1.0.0.
