arb-injection
BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities. Monitor chains in real-time or scan specific addresses.
Why use this skill?
Automate smart contract security with the ArbInjectionSkill. Detect arbitrary call injection vulnerabilities in EVM bytecode on multiple chains in real-time.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/dexiaong/arb-injectionwfdWhat This Skill Does
The ArbInjectionSkill is a specialized security auditing tool for the OpenClaw agent designed to scan EVM-compatible smart contracts for arbitrary call and delegatecall vulnerabilities. Arbitrary call injection is a critical security flaw where an attacker can influence the destination of a contract's external calls, potentially draining funds or manipulating contract state. This skill monitors blockchain networks in real-time, inspects bytecode for risky patterns, and maintains a local database of scan findings. It includes logic to distinguish between dangerous user-controlled calls and legitimate architectural patterns like proxies or DEX callbacks.
Installation
To install the skill, use the OpenClaw CLI: clawhub install openclaw/skills/skills/dexiaong/arb-injectionwfd. Ensure you have an active Node.js environment installed. After installation, you may optionally configure an .env file with your ANTHROPIC_API_KEY to leverage LLM-based analysis for improved false-positive filtering during the scanning process.
Use Cases
This skill is intended for smart contract auditors, bug bounty hunters, and developers who need to secure their deployments. Common use cases include: 1) Monitoring newly deployed contracts on major L1/L2 networks (BSC, ETH, Arbitrum, etc.) for emerging threats. 2) Conducting on-demand security audits of existing contracts before integrating them into a protocol. 3) Automating vulnerability notification workflows to receive instant alerts via Telegram or Discord when a critical risk is identified.
Example Prompts
- "OpenClaw, scan contract 0x7a10... on BSC for arbitrary call vulnerabilities and report findings."
- "Start monitoring the Ethereum network for new deployments and alert me immediately if any contract shows a CRITICAL verdict."
- "Check the most recent scan report in the results folder and explain why the 0x123... contract was flagged as a high risk."
Tips & Limitations
To minimize noise, the skill utilizes built-in filtering for known safe patterns such as EIP-1167 proxies, UUPS/Transparent proxies, and common utility libraries like Multicall3. Always verify findings manually before acting, especially for high-value targets. Be aware that the skill performs local file system operations to store findings and requires network access to query RPC nodes. The efficacy of the scan depends on the quality of the RPC endpoint provided; consider using high-performance nodes for real-time monitoring to avoid missing block events.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-dexiaong-arb-injectionwfd": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: network-access, file-write, file-read, external-api, code-execution
Related Skills
omnicog
Universal service integration for OpenClaw — connect Reddit, Steam, Spotify, GitHub, Discord, and more with a single API.
lulu-monitor
AI-powered LuLu Firewall companion for macOS. Monitors firewall alerts, analyzes connections with AI, sends Telegram notifications with Allow/Block buttons. Use when setting up LuLu integration, handling firewall callbacks, or troubleshooting LuLu Monitor issues.
gmail-client-PM
Read and send emails via Gmail. Use to list unread messages, read specific emails by ID, or send new emails.
parallel-task-executor
多任务并行执行管理器。接收多条指令并同步执行,支持优先级调度、任务依赖、结果收集和进度跟踪。适用于需要并发处理多个独立任务的场景。
chaterimo
AI Customer Service for Shopify & E-commerce - Query conversations, analyze chatbot performance, and manage your Chaterimo AI assistant