Skill Trust Decision
dex-arbitrage
Undeclared payment/billing system with hardcoded API key exposes credential; SKILL.md falsely presents tool as general-purpose DEX arbitrage without disclosing mandatory per-call charges.
Most direct threat evidence
High Doc Mismatch
Undeclared mandatory payment/billing system SKILL.md describes a free DEX arbitrage assistant but payment.py silently implements a mandatory billing system charging 0.01 USDT per invocation. Users are unaware they will be charged. The _meta.json declares pricing but SKILL.md never mentions it.
payment.py:1 Why this conclusion was reached
3/4 dimensions flagged Block
Declared vs actual capability
2 undeclared or violating capabilities were inferred.
Block
Hidden execution and egress
1 high-risk artifacts or egress signals were extracted.
Block
Attack chain and severe findings
The report includes 0 attack-chain steps and 2 severe findings.
Review
Dependencies and supply chain hygiene
Dependency information is incomplete, so supply-chain confidence stays limited.
What drove the risk score up
Doc deception - undeclared billing system +20
SKILL.md describes free arbitrage tools but payment.py charges 0.01 USDT per call; billing functionality never mentioned in docs
Hardcoded API credential in source +20
BILLING_API_KEY hardcoded in plaintext at payment.py:12 — exposes service credential to repo/public
Undeclared network access +10
SKILL.md declares no allowed-tools; payment.py silently makes HTTPS requests to skillpay.me
Silent data transmission +5
User IDs from SKILLPAY_USER_ID env var are sent to external endpoint
Most important evidence
High Doc Mismatch
Undeclared mandatory payment/billing system
SKILL.md describes a free DEX arbitrage assistant but payment.py silently implements a mandatory billing system charging 0.01 USDT per invocation. Users are unaware they will be charged. The _meta.json declares pricing but SKILL.md never mentions it.
payment.py:1 Add prominent billing disclosure in SKILL.md including pricing (0.01 USDT/call), payment provider (skillpay.me), and required environment variables (SKILLPAY_USER_ID, SKILLPAY_API_KEY)
High Credential Theft
Hardcoded API key exposed in source code
BILLING_API_KEY = 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2' is hardcoded at payment.py:12. This credential is permanently embedded in the skill package and visible to anyone who inspects the code.
payment.py:12 Move BILLING_API_KEY to an environment variable (SKILLPAY_API_KEY as noted in _meta.json), never hardcode credentials in source files
Medium Doc Mismatch
Missing allowed-tools declaration
SKILL.md declares no allowed-tools. The skill performs network requests (to skillpay.me and DEX APIs) and reads environment variables, but these resource accesses are not declared in the skill manifest.
SKILL.md:1 Add allowed-tools declaration to SKILL.md: network:READ for DEX API calls, environment:READ for SKILLPAY_USER_ID
Low Data Exfil
User ID transmitted to external endpoint
verify_payment() reads SKILLPAY_USER_ID from environment and sends it to skillpay.me/api/v1/billing/* endpoints. While this is necessary for billing, it is undeclared and the endpoint's data handling policy is unknown.
payment.py:99 Document what data is sent to skillpay.me, provide privacy policy link, and consider making the endpoint configurable
Declared capability vs actual capability
Filesystem Pass
Declared NONE
→ Inferred NONE
No file writes in code; scripts are generators/calculators only Network Block
Declared NONE
→ Inferred READ
payment.py:27-30 sends POST to skillpay.me; price_monitor.py:43-49 fetches DEX prices — no declaration in SKILL.md Shell Pass
Declared NONE
→ Inferred NONE
No subprocess/shell execution found Environment Block
Declared NONE
→ Inferred READ
payment.py:99 reads SKILLPAY_USER_ID from os.environ without declaration Suspicious artifacts and egress
High API Key
API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" payment.py:12
Medium External URL
https://skillpay.me payment.py:11
Medium External URL
https://dexscreener.com/ references/arbitrage-tools.md:7
Medium External URL
https://www.coingecko.com/ references/arbitrage-tools.md:25
Medium External URL
https://api.coingecko.com/api/v3/simple/price?ids= references/arbitrage-tools.md:32
Medium External URL
https://portal.1inch.dev/ references/arbitrage-tools.md:47
Medium External URL
https://api.1inch.dev/swap/v5.2/1/quote? references/arbitrage-tools.md:58
Medium External URL
https://eth.llamarpc.com references/arbitrage-tools.md:99
Medium External URL
https://api.0x.org/swap/v1/quote? references/arbitrage-tools.md:144
Medium External URL
https://li.quest/v1/quote references/arbitrage-tools.md:163
Medium External URL
https://socket.tech/ references/arbitrage-tools.md:177
Medium External URL
https://across.to/ references/arbitrage-tools.md:186
Dependencies and supply chain
There are no structured dependency warnings.
File composition
11 files · 3911 lines
Markdown 6 files · 2517 linesPython 4 files · 1375 linesJSON 1 files · 19 lines
Files of concern · 6
scripts/flashloan_generator.py 0x2f39d218133AFaB8F2B819B1066c7E434Ad94E9e · 0xE592427A0AEce92De3Edee1F18E0157C05861564 · 0xd9e1cE17f2641f24aE83637ab66a2cca9C378B9F · 0xBA12222222228d8Ba445958a75a0704d566BF2C8 · 0xa97684ead0e402dC232d5A977953DF7ECBaB3CDb · 0x1b02dA8Cb0d097eB8D57A175b88c7D8b47997506
SKILL.md Missing allowed-tools declaration
scripts/price_monitor.py https://api.thegraph.com/subgraphs/name/uniswap/uniswap-v3 · https://api.thegraph.com/subgraphs/name/sushiswap/exchange · https://api.curve.fi/api/getPools
references/arbitrage-tools.md https://dexscreener.com/ · https://www.coingecko.com/ · https://api.coingecko.com/api/v3/simple/price?ids= · https://portal.1inch.dev/ · https://api.1inch.dev/swap/v5.2/1/quote? · https://eth.llamarpc.com · https://api.0x.org/swap/v1/quote? · https://li.quest/v1/quote · https://socket.tech/ · https://across.to/ · https://protect.flashbots.net/ · https://rpc.flashbots.net · https://www.edennetwork.io/ · https://api.edennetwork.io/v1/rpc · https://cowswap.exchange/ · https://dune.com/ · https://eigenphi.io/ · https://explorer.flashbots.net/ · https://tenderly.co/ · https://book.getfoundry.sh/ · https://hardhat.org/ · https://zapper.fi/ · https://debank.com/ · https://www.alchemy.com/ · https://infura.io/ · https://www.quicknode.com/ · https://rpc.ankr.com/eth · https://ethereum.publicnode.com · https://arb1.arbitrum.io/rpc · https://arbitrum.llamarpc.com · https://chainlist.org/ · https://docs.uniswap.org/ · https://docs.flashbots.net/ · https://docs.ethers.org/ · https://explore.flashbots.net/ · https://writings.flashbots.net/
references/mev-protection.md https://relay.flashbots.net · https://protect.flashbots.net/v1/rpc · https://rpc.mevblocker.io · https://cowswap.exchange
payment.py Undeclared mandatory payment/billing system · Hardcoded API key exposed in source code · User ID transmitted to external endpoint · API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" · https://skillpay.me
Other files · arbitrage_calculator.py · flashloan-arbitrage.md · bridge-guide.md · arbitrage-basics.md · _meta.json
Security positives
No reverse shell, C2 infrastructure, or remote code execution patterns found
Python scripts are calculation/generation utilities — no direct wallet draining code
flashloan_generator.py generates Solidity contract templates, not malicious contracts
No base64 obfuscation, eval chains, or anti-analysis techniques detected
No access to ~/.ssh, ~/.aws, .env, or other sensitive filesystem paths
No cron/persistence mechanisms or startup hooks present
DEX price APIs (CoinGecko, 1inch, The Graph) are legitimate and relevant to stated purpose