Security Audit: 0xmasayoshi SushiSwap skills — API and SDK #4

@agentward-ai

Description

AgentWard Security Audit: 0xmasayoshi SushiSwap Skills

Scanned by: AgentWard v0.2.5
Skills analyzed: sushiswap-api, sushiswap-sdk
Source: openclaw/skills/0xmasayoshi

Summary

7 of 11 tools rated ⚠️ HIGH for financial operations with value transfer risk. No credentials were detected inline (unlike other audited skills), keeping these out of CRITICAL — but the financial operation surface is significant.

| Severity | Count |
| --- | --- |
| ⚠️ HIGH | 7 |
| ⚠️ MEDIUM | 1 |
| ✅ LOW | 3 |

What Was Found

sushiswap-api (6 tools) — REST API wrapper for SushiSwap DEX operations. Three tools (how_to_use, mandatory_referrer_parameter, fee_customization) rated HIGH due to value transfer capabilities (token swaps, fee configuration).

sushiswap-sdk (5 tools) — SDK integration for SushiSwap across multiple networks. Four tools rated HIGH — how_to_use, supported_networks, mandatory_referrer_parameter, and fee_customization all enable financial operations across 15+ blockchain networks.

Risk Details

Unlike the wallet/trading skills in other audits, these skills don't directly handle private keys — they're API/SDK wrappers. The risk comes from:

  1. Value transfer via token swaps — the core function is executing DEX trades
  2. Fee customization — ability to modify referrer fees could be exploited
  3. Multi-network support — sushiswap-sdk supports 15+ networks, expanding the attack surface
  4. Mandatory referrer parameter — hardcoded referrer address in all API calls (worth verifying this isn't redirecting fees)

Recommendation

From the AgentWard scan report:

Fix: Mark read-only capabilities (e.g. balance checks, price lookups) explicitly in SKILL.md. Add a ## Security section documenting authentication requirements and value-transfer limits.

AgentWard Policy (recommended)

Users of these skills should enforce least-privilege with AgentWard:

```shell
pip install agentward
agentward init
```

Full Report

Complete permission map (11 tools)

| Tool | Capabilities | Risk | Why |
| --- | --- | --- | --- |
| sushiswap-api:base_url | read | ✅ LOW | |
| sushiswap-api:api_schema | read | ✅ LOW | |
| sushiswap-api:how_to_use | read,read,write | ⚠️ HIGH | Financial operations — value transfer risk |
| sushiswap-api:mandatory_referrer_parameter | read,write | ⚠️ HIGH | Financial operations — value transfer risk |
| sushiswap-api:fee_customization | read,read,write | ⚠️ HIGH | Financial operations — value transfer risk |
| sushiswap-api:schema_guidance | read,write | ⚠️ MEDIUM | |
| sushiswap-sdk:how_to_use | read,read,write | ⚠️ HIGH | Financial operations — value transfer risk |
| sushiswap-sdk:supported_networks | read,read,write | ⚠️ HIGH | Financial operations — value transfer risk |
| sushiswap-sdk:mandatory_referrer_parameter | read,write | ⚠️ HIGH | Financial operations — value transfer risk |
| sushiswap-sdk:fee_customization | read,write | ⚠️ HIGH | Financial operations — value transfer risk |
| sushiswap-sdk:additional_reference | read | ✅ LOW | |

Generated by AgentWard — open-source permission control plane for AI agents.

Labels: security-audit (Security audit reports for OpenClaw skills)