Trusted — Risk Score 5/100
Last scan: 2 days ago
arbitrum_bridge_helper
Execute official Arbitrum bridge tasks with a wallet found on disk: deposits, withdrawals, claims, status checks, and stuck-bridge diagnosis across Ethereum, Arbitrum One, Arbitrum Nova, and testnets.
This is a pure documentation/guide skill (Markdown only) for Arbitrum bridge operations. No executable code, scripts, or implementation files exist. Wallet discovery on disk is explicitly declared behavior with appropriate security constraints.
Skill Name: arbitrum_bridge_helper
Duration: 45.7s
Engine: pi
Safe to install
No action needed. This skill is safe to use as documented.

Findings: 1 item

| Severity | Finding | Location |
|---|---|---|
| Low | Vague wallet search path description | SKILL.md:62 |

Step 2 mentions searching 'common agent-accessible directories' without specifying exact paths. However, explicit constraints prevent exposing secrets.
"Existing wallet config files in the workspace or common agent-accessible directories"
→ Consider specifying exact expected directories (e.g., './wallet-config.json', './.env') for clarity, though current constraints adequately prevent misuse.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | | No executable code exists - only Markdown documentation |
| Network | NONE | NONE | | No network calls described in documentation |
| Shell | NONE | NONE | | No shell commands or subprocess calls in documentation |
| Environment | NONE | NONE | | Mentions .env files for wallet discovery but no env iteration described |
| Skill Invoke | NONE | NONE | | No cross-skill invocations described |
| Clipboard | NONE | NONE | | No clipboard access mentioned |
| Browser | NONE | NONE | | No browser automation described |
| Database | NONE | NONE | | No database access mentioned |

File Tree

4 files · 18.4 KB · 481 lines
Markdown 4f · 481L
├─ 📁 references
│ ├─ 📝 routes.md Markdown 69L · 2.3 KB
│ ├─ 📝 triggers.md Markdown 65L · 1.6 KB
│ └─ 📝 troubleshooting.md Markdown 101L · 5.2 KB
└─ 📝 SKILL.md Markdown 246L · 9.4 KB

Security Positives

✓ No executable code - purely instructional Markdown documentation
✓ Explicit 'never reveal private keys' constraint in multiple places
✓ Requires explicit user confirmation before signing/broadcasting any transaction
✓ Does not describe credential exfiltration or external data transmission
✓ No base64, eval, or shell command patterns present
✓ No sensitive system paths (~/.ssh, ~/.aws) mentioned for wallet search
✓ Clear constraints against exposing keystore JSON, mnemonics, or full env file contents
✓ Skill does not promise instant finality or suggest cancelable withdrawals
✓ Proper distinction between USDC and USDC.e demonstrates careful design