BYOCB ArbInjectionSkill

by CryptoToolDev · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1328 downloads · 0 stars · 0 active installs · 1 version
Install in OpenClaw
/install arbinjectionskill
Description
BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities. Monitor chains in real-time or scan specific addresses.
README (SKILL.md)

BYOCB ArbInjectionSkill

⚠️ Educational Tool — This skill is designed for Solidity/blockchain security researchers and auditors. Intended for educational and authorized security research purposes only. Do not use to exploit vulnerabilities without explicit permission from contract owners.

Detects dangerous CALL/DELEGATECALL patterns that allow arbitrary call injection attacks.

How It Works

ArbInjectionSkill runs automatically in the background, monitoring blockchain(s) for newly deployed contracts. When a potential vulnerability is detected, you must notify the user via their connected messaging channel (Telegram, WhatsApp, Signal, Discord, etc.).

Install

git clone https://github.com/BringYourOwnBot/arb-injection.git
cd arb-injection
npm install

Running the Monitor

Start as a background session for continuous monitoring:

node index.js <chain> [--no-llm]

Chains: eth, bsc, base, arb, op, polygon, hyper

The monitor will:

  1. Subscribe to new blocks
  2. Detect contract deployments
  3. Scan bytecode for vulnerabilities
  4. Save findings to ./results/

Alerting Users

Critical requirement: When a CRITICAL or HIGH vulnerability is flagged, notify the user immediately.

Check for new findings periodically (via heartbeat or cron):

# Find findings from last 30 minutes
find ./results -name "*.md" -mmin -30

When new findings exist with verdict CRITICAL or HIGH:

  1. Read the .md report
  2. Verify it's not a known false positive (see below)
  3. Send alert via message tool to user's preferred channel

Example alert:

🚨 ArbInjection Alert: Potential vulnerability detected

Chain: BSC
Contract: 0x1234...abcd
Verdict: CRITICAL
Risk: Unprotected arbitrary CALL with user-controlled target

[Link to explorer]

Manual Scan

Scan a specific contract on-demand:

node modules/scan-arbitrary-call.js <address> --rpc <chain>

Interpreting Results

Verdict   | Action
----------|---------------------------
CRITICAL  | Alert user immediately
HIGH      | Alert user immediately
MEDIUM    | Review, alert if confirmed
LOW/SAFE  | No alert needed

Results saved to ./results/ as .json and .md files.
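The periodic check in "Alerting Users" plus the verdict table above amount to a small triage loop: pick up reports written in the last 30 minutes, keep only CRITICAL/HIGH, drop the false-positive classes, and render the alert text. The following is an added example of that loop, not code from the arb-injection project. The report JSON is undocumented on this page, so the field names (chain, address, verdict, risk, target_source, explorer_url) and the allowlist addresses are assumptions constructed for the demo.

```python
"""Triage saved ArbInjection reports and render alerts.

Added example, not the project's own code.  The JSON field names (chain,
address, verdict, risk, target_source, explorer_url) are assumptions; the real
report schema is not documented on the skill page.
"""
import json
import os
import tempfile
import time
from pathlib import Path

ALERT_VERDICTS = {"CRITICAL", "HIGH"}          # per the verdict table
# Constructed allowlist of "known safe" contracts (placeholder address, not real).
KNOWN_SAFE = {"0x" + "aa" * 20}


def recent_reports(results_dir, now=None, max_age_minutes=30):
    """Python equivalent of `find ./results -name "*.json" -mmin -30`."""
    now = time.time() if now is None else now
    cutoff = now - max_age_minutes * 60
    return sorted(p for p in Path(results_dir).glob("*.json")
                  if p.stat().st_mtime >= cutoff)


def render_alert(report):
    """Format a finding the way the README's example alert is laid out."""
    return (
        "ArbInjection Alert: Potential vulnerability detected\n"
        f"Chain: {report['chain']}\n"
        f"Contract: {report['address']}\n"
        f"Verdict: {report['verdict']}\n"
        f"Risk: {report['risk']}\n"
        f"{report.get('explorer_url', '[Link to explorer]')}"
    )


def triage(results_dir, now=None, max_age_minutes=30):
    """Return alert texts for fresh CRITICAL/HIGH findings that survive the
    false-positive checks (allowlisted contract, hardcoded target)."""
    alerts = []
    for path in recent_reports(results_dir, now, max_age_minutes):
        report = json.loads(path.read_text())
        if report.get("verdict") not in ALERT_VERDICTS:
            continue   # MEDIUM needs a human look; LOW/SAFE needs nothing
        if report.get("address", "").lower() in KNOWN_SAFE:
            continue   # known-safe contract: do not alert
        if report.get("target_source") == "hardcoded":
            continue   # immutable call target: false positive by the README's rule
        alerts.append(render_alert(report))
    return alerts


def demo():
    """Build a constructed results directory and triage it; returns the alerts."""
    d = Path(tempfile.mkdtemp())
    now = time.time()
    base = {"chain": "BSC", "risk": "Unprotected arbitrary CALL with user-controlled target"}
    samples = [
        ("fresh_critical.json", now - 60,
         dict(base, address="0x" + "12" * 20, verdict="CRITICAL", target_source="calldata")),
        ("fresh_safe.json", now - 60,
         dict(base, address="0x" + "34" * 20, verdict="SAFE", target_source="hardcoded")),
        ("fresh_allowlisted.json", now - 60,
         dict(base, address="0x" + "aa" * 20, verdict="HIGH", target_source="calldata")),
        ("stale_high.json", now - 3600,
         dict(base, address="0x" + "56" * 20, verdict="HIGH", target_source="calldata")),
    ]
    for name, mtime, body in samples:
        p = d / name
        p.write_text(json.dumps(body))
        os.utime(p, (mtime, mtime))   # backdate so the 30-minute window applies
    return triage(d, now=now)


if __name__ == "__main__":
    for alert in demo():
        print(alert, end="\n\n")
```

Only the fresh CRITICAL report produces an alert: the SAFE report is filtered by verdict, the allowlisted HIGH by the known-safe set, and the hour-old HIGH by the time window. Sending the text through the messaging tool is left to the agent, as the README describes.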

False Positives

Do NOT alert for these patterns (safe by design):

  • Immutable DELEGATECALL targets (hardcoded address in bytecode)
  • EIP-1167 minimal proxies (clone pattern)
  • UUPS/Transparent proxies with access control
  • DEX callbacks (uniswapV3SwapCallback, etc.)
  • Known safe contracts: Multicall3, 1inch, Uniswap, Permit2

Verify before alerting: Check if the flagged CALL target is:

  • Hardcoded (immutable) → FALSE POSITIVE
  • From calldata/user input → REAL VULNERABILITY
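The hardcoded-versus-calldata distinction above is the core false-positive check, and it can be approximated directly on runtime bytecode: a CALL/DELEGATECALL whose target was set up by a PUSH20 constant is immutable, while one whose setup reads CALLDATALOAD is user-influenced. The block below is an added illustration of that heuristic, not the arb-injection project's scanner. It assumes a fixed look-back window of instructions instead of real stack data-flow analysis, assumes a verdict mapping of its own (calldata-derived DELEGATECALL = CRITICAL, calldata-derived CALL = HIGH, ambiguous = MEDIUM, hardcoded = SAFE), and short-circuits the EIP-1167 clone pattern as safe; the sample bytecodes are constructed, not real contracts.

```python
"""Heuristic EVM bytecode check: is the target of a CALL/DELEGATECALL a
hardcoded PUSH20 constant or taken from calldata?

Added example, not the arb-injection project's code.  The look-back window and
the verdict mapping are assumptions made for illustration; the opcode values
and the EIP-1167 runtime layout are from the respective specifications.
"""
import re
from dataclasses import dataclass

CALLDATALOAD, CALLDATACOPY = 0x35, 0x37
PUSH1, PUSH20, PUSH32 = 0x60, 0x73, 0x7F
CALL, CALLCODE, DELEGATECALL = 0xF1, 0xF2, 0xF4      # STATICCALL cannot change state
NAMES = {CALL: "CALL", CALLCODE: "CALLCODE", DELEGATECALL: "DELEGATECALL"}

# EIP-1167 minimal proxy runtime: the implementation address is baked into the
# code, so its DELEGATECALL target is immutable and safe by design.
EIP1167 = re.compile(r"363d3d373d3d3d363d73[0-9a-f]{40}5af43d82803e903d91602b57fd5bf3")


@dataclass
class Finding:
    pc: int
    opcode: str
    target_source: str   # "hardcoded", "calldata" or "unknown"
    verdict: str         # CRITICAL / HIGH / MEDIUM / SAFE (assumed mapping)


def disassemble(code: bytes):
    """Yield (pc, opcode, immediate); PUSHn carries its immediate bytes."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        if PUSH1 <= op <= PUSH32:
            n = op - PUSH1 + 1
            yield pc, op, code[pc + 1:pc + 1 + n]
            pc += 1 + n
        else:
            yield pc, op, b""
            pc += 1


def classify(runtime_hex: str, window: int = 12) -> list[Finding]:
    """Classify every state-changing external call in a runtime bytecode string."""
    h = runtime_hex.lower().removeprefix("0x")
    if EIP1167.fullmatch(h):
        return []                      # clone pattern: nothing to alert on
    ins = list(disassemble(bytes.fromhex(h)))
    findings = []
    for i, (pc, op, _) in enumerate(ins):
        if op not in NAMES:
            continue
        # Opcodes (immediates excluded) that set up this call's stack arguments.
        recent = [o for _, o, _ in ins[max(0, i - window):i]]
        from_calldata = CALLDATALOAD in recent or CALLDATACOPY in recent
        hardcoded = PUSH20 in recent
        if from_calldata and not hardcoded:
            src = "calldata"
            verdict = "CRITICAL" if op == DELEGATECALL else "HIGH"
        elif hardcoded and not from_calldata:
            src, verdict = "hardcoded", "SAFE"
        else:
            src, verdict = "unknown", "MEDIUM"   # both or neither seen: needs review
        findings.append(Finding(pc, NAMES[op], src, verdict))
    return findings


# Constructed sample bytecodes (not real deployed contracts).
IMMUTABLE_DELEGATE = "6000600060006000" + "73" + "11" * 20 + "5af4"     # PUSH20 addr; GAS; DELEGATECALL
USER_TARGET_CALL = "60006000600060006000" + "600435" + "5af1"          # CALLDATALOAD(4) as addr; GAS; CALL
CLONE = "363d3d373d3d3d363d73" + "22" * 20 + "5af43d82803e903d91602b57fd5bf3"

if __name__ == "__main__":
    for name, code in [("immutable", IMMUTABLE_DELEGATE),
                       ("user-controlled", USER_TARGET_CALL), ("clone", CLONE)]:
        print(name, classify(code))
```

A real scanner has to follow the stack to know which value actually lands in the address slot, and has to recognise the proxy patterns (UUPS, Transparent) listed above by their storage-slot loads rather than by a PUSH20; the window heuristic is enough to show why "hardcoded" and "from calldata" lead to different verdicts.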

Environment

Optional .env file:

ANTHROPIC_API_KEY=sk-ant-...   # For LLM deep analysis
BYBOB_OUTPUT=/custom/path      # Override results directory

Maintenance

Daily update required. Detection patterns and fixes are pushed frequently.

cd /path/to/arb-injection
git pull origin main
npm install  # If package.json changed

Schedule daily update check (09:00):

{
  "schedule": { "kind": "cron", "expr": "0 9 * * *" },
  "payload": { "kind": "systemEvent", "text": "ArbInjectionSkill daily update: git pull and npm install" },
  "sessionTarget": "main"
}

Source

Repository: https://github.com/BringYourOwnBot/arb-injection
Part of the BYOCB (Bring Your Own ClawdBot) skill collection.

Usage Guidance
This skill’s goal (EVM arbitrary-call scanning) is plausible, but the instructions ask you to clone and run a third‑party GitHub repo as a persistent background service and to send alerts through messaging channels — yet it doesn't declare the RPC endpoints or messaging credentials it needs. Before installing:

  1. Review the referenced GitHub repo source code yourself (or have a trusted auditor do so).
  2. Run it in an isolated environment/container with least privilege.
  3. Supply only read-only RPC endpoints or limited-permission keys.
  4. Avoid providing messaging credentials unless you trust the code, and consider using a separate alerting account with minimal permissions.
  5. Confirm maintainers, repository history, and issue activity.
  6. Prefer a packaged skill that declares required env vars and provenance rather than following ad-hoc install steps.

If you cannot review the code or verify the repo/maintainers, treat this as high-risk and do not run it on sensitive systems.
Capability Analysis
Type: OpenClaw Agent Skill

The skill is classified as suspicious due to a significant supply chain vulnerability. The `SKILL.md` explicitly instructs the AI agent to schedule a daily cron job to perform `git pull origin main` and `npm install` from the external GitHub repository `https://github.com/BringYourOwnBot/arb-injection`. While framed as 'maintenance,' this allows for automatic fetching and execution of potentially malicious code if the upstream repository is compromised, without further user intervention. Additionally, the skill instructs the agent to use a `message` tool for notifications, indicating access to external communication channels, which could be leveraged if the skill's code is compromised.
Capability Assessment
Purpose & Capability
The skill's name/description (arbitrary call injection scanning and monitoring) aligns with the included runtime instructions (scan bytecode, monitor new deployments, save results). However, required operational pieces that are necessary for that capability — blockchain RPC endpoints, messaging channel credentials, and possibly LLM API keys — are not listed in the skill's declared requirements. That omission is inconsistent with the stated continuous-monitoring purpose.
Instruction Scope
SKILL.md instructs the agent/operator to clone a GitHub repository, run npm install, and execute node index.js as a background monitor; read/write local files under ./results; periodically inspect results and send alerts via external messaging channels; and schedule daily git pulls. These instructions involve fetching and executing external code, file I/O, persistent background execution, and sending data to external channels — all without specifying what exact credentials or endpoints will be used or how sensitive data is handled. The broad, operationally open-ended instructions increase the risk of unintended behavior or data exfiltration.
Install Mechanism
Although the skill package itself contains no install spec, the SKILL.md explicitly tells operators to git clone https://github.com/BringYourOwnBot/arb-injection.git and run npm install / node. That directs the environment to fetch and execute third-party code at runtime. While the host is GitHub (a common release host), cloning and running arbitrary repo code is higher risk than an instruction-only skill that does not prompt external installs.
Credentials
The document mentions optional environment variables (ANTHROPIC_API_KEY, BYBOB_OUTPUT) but the skill declares no required env vars or primary credential. In practice the monitor and scans will need RPC endpoints (and likely RPC keys, rate-limit credentials), and alerting requires messaging service tokens or bot credentials — none are declared. This mismatch means the skill's declared environment access is insufficiently specific and could lead operators to supply sensitive credentials without clear justification.
Persistence & Privilege
The skill does not set always:true, but it strongly instructs operators to run a background process and schedule daily updates (git pull + npm install). That encourages persistent presence on the host and ongoing network activity. While not a platform-level privilege escalation, running persistent third-party code increases the blast radius and should be considered when evaluating trust.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install arbinjectionskill
  3. After installation, invoke the skill by name or use /arbinjectionskill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of BYOCB ArbInjectionSkill:

  • Scans EVM smart contracts for arbitrary call injection vulnerabilities.
  • Monitors multiple blockchains in real-time for new contract deployments.
  • Supports on-demand scanning of specific addresses.
  • Saves findings with risk verdicts (CRITICAL, HIGH, MEDIUM, LOW/SAFE) and detailed reports.
  • Provides guidance for alerting users and avoiding false positives.
  • Includes scheduled update recommendations and environment variable support.
Metadata

Slug: arbinjectionskill
Version: 1.0.0
License: (not listed)
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is BYOCB ArbInjectionSkill?

BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities. Monitor chains in real-time or scan specific addresses. It is an AI Agent Skill for Claude Code / OpenClaw, with 1328 downloads so far.

How do I install BYOCB ArbInjectionSkill?

Run "/install arbinjectionskill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is BYOCB ArbInjectionSkill free?

Yes, BYOCB ArbInjectionSkill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does BYOCB ArbInjectionSkill support?

BYOCB ArbInjectionSkill is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created BYOCB ArbInjectionSkill?

It is built and maintained by CryptoToolDev (@cryptotooldev); the current version is v1.0.0.
