
BYOCB ArbInjectionSkill

Author: CryptoToolDev · GitHub · v1.0.0
Tags: cross-platform · ⚠ suspicious
Total downloads: 1328
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw:
/install arbinjectionskill
Description
BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities. Monitor chains in real-time or scan specific addresses.
Usage (SKILL.md)

BYOCB ArbInjectionSkill

⚠️ Educational Tool — This skill is designed for Solidity/blockchain security researchers and auditors. Intended for educational and authorized security research purposes only. Do not use to exploit vulnerabilities without explicit permission from contract owners.

Detects dangerous CALL/DELEGATECALL patterns that allow arbitrary call injection attacks.

How It Works

ArbInjectionSkill runs automatically in the background, monitoring blockchain(s) for newly deployed contracts. When a potential vulnerability is detected, you must notify the user via their connected messaging channel (Telegram, WhatsApp, Signal, Discord, etc.).

Install

git clone https://github.com/BringYourOwnBot/arb-injection.git
cd arb-injection
npm install

Running the Monitor

Start as a background session for continuous monitoring:

node index.js <chain> [--no-llm]

Chains: eth, bsc, base, arb, op, polygon, hyper

The monitor will:

  1. Subscribe to new blocks
  2. Detect contract deployments
  3. Scan bytecode for vulnerabilities
  4. Save findings to ./results/

Alerting Users

Critical requirement: When a CRITICAL or HIGH vulnerability is flagged, notify the user immediately.

Check for new findings periodically (via heartbeat or cron):

# Find findings from last 30 minutes
find ./results -name "*.md" -mmin -30

When new findings exist with verdict CRITICAL or HIGH:

  1. Read the .md report
  2. Verify it's not a known false positive (see below)
  3. Send alert via message tool to user's preferred channel

Example alert:

🚨 ArbInjection Alert: Potential vulnerability detected

Chain: BSC
Contract: 0x1234...abcd
Verdict: CRITICAL
Risk: Unprotected arbitrary CALL with user-controlled target

[Link to explorer]

Manual Scan

Scan a specific contract on-demand:

node modules/scan-arbitrary-call.js <address> --rpc <chain>

Interpreting Results

Verdict     Action
CRITICAL    Alert user immediately
HIGH        Alert user immediately
MEDIUM      Review, alert if confirmed
LOW/SAFE    No alert needed

Results saved to ./results/ as .json and .md files.

False Positives

Do NOT alert for these patterns (safe by design):

  • Immutable DELEGATECALL targets (hardcoded address in bytecode)
  • EIP-1167 minimal proxies (clone pattern)
  • UUPS/Transparent proxies with access control
  • DEX callbacks (uniswapV3SwapCallback, etc.)
  • Known safe contracts: Multicall3, 1inch, Uniswap, Permit2

Verify before alerting: Check if the flagged CALL target is:

  • Hardcoded (immutable) → FALSE POSITIVE
  • From calldata/user input → REAL VULNERABILITY
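The hardcoded-versus-calldata check above can be approximated directly on bytecode. The following is an added example, not code from the arb-injection project: a linear EVM disassembler plus a window heuristic that labels each CALL-family opcode by where its target address came from (the window size, the opcode names table and the two sample bytecodes are constructed assumptions; a production scanner would use real data-flow analysis).

```javascript
// Added example (not the arb-injection project's code): the SKILL.md
// false-positive rule as a coarse bytecode heuristic. A CALL-family
// opcode whose target was produced by a PUSH20 literal is "hardcoded";
// one whose preceding window reads calldata is "user-controlled".
const CALL_OPS = { 0xf1: 'CALL', 0xf2: 'CALLCODE', 0xf4: 'DELEGATECALL', 0xfa: 'STATICCALL' };
const NAMES = { 0x00: 'STOP', 0x16: 'AND', 0x35: 'CALLDATALOAD', 0x37: 'CALLDATACOPY', 0x5a: 'GAS', ...CALL_OPS };

// Linear disassembly. PUSH1..PUSH32 (0x60..0x7f) carry 1..32 immediate
// bytes that must be skipped or they would be misread as opcodes.
function disassemble(hex) {
  const code = Buffer.from(hex.replace(/^0x/, ''), 'hex');
  const ins = [];
  for (let pc = 0; pc < code.length; ) {
    const op = code[pc];
    const immLen = op >= 0x60 && op <= 0x7f ? op - 0x5f : 0;
    const name = immLen ? `PUSH${immLen}` : (NAMES[op] || `0x${op.toString(16).padStart(2, '0')}`);
    const imm = immLen ? code.subarray(pc + 1, pc + 1 + immLen).toString('hex') : null;
    ins.push({ pc, op, name, imm });
    pc += 1 + immLen;
  }
  return ins;
}

// For each external call, inspect the instruction that produced the target
// address (the stack item under the gas argument) and the preceding window.
// The window size (8 instructions) is an assumption of this example.
function classifyCalls(hex, window = 8) {
  const ins = disassemble(hex);
  const findings = [];
  ins.forEach((cur, i) => {
    if (!CALL_OPS[cur.op]) return;
    const before = ins.slice(Math.max(0, i - window), i);
    let j = before.length - 1;
    // The gas argument (GAS opcode or a PUSH constant) sits on top of the address.
    if (j >= 0 && (before[j].op === 0x5a || before[j].name.startsWith('PUSH'))) j--;
    const src = before[j];
    let verdict = 'unknown'; // treat like MEDIUM: review before alerting
    if (src && src.op === 0x73) verdict = 'hardcoded'; // PUSH20 literal address
    else if (before.some((x) => x.op === 0x35 || x.op === 0x37)) verdict = 'user-controlled';
    findings.push({ pc: cur.pc, op: cur.name, source: src ? src.name : 'none', verdict });
  });
  return findings;
}

// Constructed sample bytecode, not taken from any real contract.
// Proxy-style: PUSH1 0 (x4), PUSH20 <addr>, GAS, DELEGATECALL, STOP
const HARDCODED = '6000600060006000' + '73' + '00000000000000000000000000000000deadbeef' + '5af400';
// Open forwarder: PUSH1 0 (x5), PUSH1 4, CALLDATALOAD (target from calldata), GAS, CALL, STOP
const USER_CONTROLLED = '60006000600060006000' + '600435' + '5af100';
```

Calling `classifyCalls(HARDCODED)` reports the DELEGATECALL as hardcoded, while `classifyCalls(USER_CONTROLLED)` reports the CALL as user-controlled; an 'unknown' verdict means the target was computed some other way and needs manual review.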

Environment

Optional .env file:

ANTHROPIC_API_KEY=sk-ant-...   # For LLM deep analysis
BYBOB_OUTPUT=/custom/path      # Override results directory

Maintenance

Daily update required. Detection patterns and fixes are pushed frequently.

cd /path/to/arb-injection
git pull origin main
npm install  # If package.json changed

Schedule daily update check (09:00):

{
  "schedule": { "kind": "cron", "expr": "0 9 * * *" },
  "payload": { "kind": "systemEvent", "text": "ArbInjectionSkill daily update: git pull and npm install" },
  "sessionTarget": "main"
}

Source

Repository: https://github.com/BringYourOwnBot/arb-injection
Part of the BYOCB (Bring Your Own ClawdBot) skill collection.

Safe Usage Recommendations
This skill’s goal (EVM arbitrary-call scanning) is plausible, but the instructions ask you to clone and run a third‑party GitHub repo as a persistent background service and to send alerts through messaging channels — yet it doesn't declare the RPC endpoints or messaging credentials it needs. Before installing: (1) review the referenced GitHub repo source code yourself (or have a trusted auditor do so); (2) run it in an isolated environment/container with least privilege; (3) supply only read-only RPC endpoints or limited-permission keys; (4) avoid providing messaging credentials unless you trust the code and consider using a separate alerting account with minimal permissions; (5) confirm maintainers, repository history, and issue activity; and (6) prefer a packaged skill that declares required env vars and provenance rather than following ad-hoc install steps. If you cannot review the code or verify the repo/maintainers, treat this as high-risk and do not run it on sensitive systems.
Function Analysis
Type: OpenClaw Skill. Description: OpenClaw Agent Skill.
The skill is classified as suspicious due to a significant supply chain vulnerability. The `SKILL.md` explicitly instructs the AI agent to schedule a daily cron job to perform `git pull origin main` and `npm install` from the external GitHub repository `https://github.com/BringYourOwnBot/arb-injection`. While framed as 'maintenance,' this allows for automatic fetching and execution of potentially malicious code if the upstream repository is compromised, without further user intervention. Additionally, the skill instructs the agent to use a `message` tool for notifications, indicating access to external communication channels, which could be leveraged if the skill's code is compromised.
Capability Assessment
Purpose & Capability
The skill's name/description (arbitrary call injection scanning and monitoring) aligns with the included runtime instructions (scan bytecode, monitor new deployments, save results). However, required operational pieces that are necessary for that capability — blockchain RPC endpoints, messaging channel credentials, and possibly LLM API keys — are not listed in the skill's declared requirements. That omission is inconsistent with the stated continuous-monitoring purpose.
Instruction Scope
SKILL.md instructs the agent/operator to clone a GitHub repository, run npm install, and execute node index.js as a background monitor; read/write local files under ./results; periodically inspect results and send alerts via external messaging channels; and schedule daily git pulls. These instructions involve fetching and executing external code, file I/O, persistent background execution, and sending data to external channels — all without specifying what exact credentials or endpoints will be used or how sensitive data is handled. The broad, operationally open-ended instructions increase the risk of unintended behavior or data exfiltration.
Install Mechanism
Although the skill package itself contains no install spec, the SKILL.md explicitly tells operators to git clone https://github.com/BringYourOwnBot/arb-injection.git and run npm install / node. That directs the environment to fetch and execute third-party code at runtime. While the host is GitHub (a common release host), cloning and running arbitrary repo code is higher risk than an instruction-only skill that does not prompt external installs.
Credentials
The document mentions optional environment variables (ANTHROPIC_API_KEY, BYBOB_OUTPUT) but the skill declares no required env vars or primary credential. In practice the monitor and scans will need RPC endpoints (and likely RPC keys, rate-limit credentials), and alerting requires messaging service tokens or bot credentials — none are declared. This mismatch means the skill's declared environment access is insufficiently specific and could lead operators to supply sensitive credentials without clear justification.
Persistence & Privilege
The skill does not set always:true, but it strongly instructs operators to run a background process and schedule daily updates (git pull + npm install). That encourages persistent presence on the host and ongoing network activity. While not a platform-level privilege escalation, running persistent third-party code increases the blast radius and should be considered when evaluating trust.
How to Use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install arbinjectionskill
  3. After installation, call the Skill by name directly or trigger it with /arbinjectionskill
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version History
v1.0.0
Initial release of BYOCB ArbInjectionSkill:
  • Scans EVM smart contracts for arbitrary call injection vulnerabilities.
  • Monitors multiple blockchains in real-time for new contract deployments.
  • Supports on-demand scanning of specific addresses.
  • Saves findings with risk verdicts (CRITICAL, HIGH, MEDIUM, LOW/SAFE) and detailed reports.
  • Provides guidance for alerting users and avoiding false positives.
  • Includes scheduled update recommendations and environment variable support.
Metadata
Slug: arbinjectionskill
Version: 1.0.0
License:
Cumulative installs: 0
Current installs: 0
Historical versions: 1
FAQ

What is BYOCB ArbInjectionSkill?

BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities. Monitor chains in real-time or scan specific addresses. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1328 cumulative downloads to date.

How do I install BYOCB ArbInjectionSkill?

Run the command "/install arbinjectionskill" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is BYOCB ArbInjectionSkill free?

Yes, BYOCB ArbInjectionSkill is completely free (open source and free of charge) and may be freely downloaded, installed and used.

Which platforms does BYOCB ArbInjectionSkill support?

BYOCB ArbInjectionSkill is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed BYOCB ArbInjectionSkill?

Developed and maintained by CryptoToolDev (@cryptotooldev); the current version is v1.0.0.
