
Arb Injection

BYOCB ArbInjectionSkill: Scan EVM smart contracts for arbitrary call injection vulnerabilities.

Rating
4 (63 reviews)
Downloads
880 downloads
Version
1.0.0


Complete Documentation

BYOCB ArbInjectionSkill

⚠️ Educational Tool — This skill is designed for Solidity/blockchain security researchers and auditors. Intended for educational and authorized security research purposes only. Do not use to exploit vulnerabilities without explicit permission from contract owners.

Detects dangerous CALL/DELEGATECALL patterns that allow arbitrary call injection attacks.

How It Works

ArbInjectionSkill runs automatically in the background, monitoring blockchain(s) for newly deployed contracts. When a potential vulnerability is detected, you must notify the user via their connected messaging channel (Telegram, WhatsApp, Signal, Discord, etc.).

Install

```bash
git clone https://github.com/BringYourOwnBot/arb-injection.git
cd arb-injection
npm install
```

Running the Monitor

Start as a background session for continuous monitoring:

```bash
node index.js <chain> [--no-llm]
```

Chains: eth, bsc, base, arb, op, polygon, hyper

The monitor will:

  • Subscribe to new blocks
  • Detect contract deployments
  • Scan bytecode for vulnerabilities
  • Save findings to ./results/

Alerting Users

Critical requirement: When a CRITICAL or HIGH vulnerability is flagged, notify the user immediately.

Check for new findings periodically (via heartbeat or cron):

```bash
# Find findings from last 30 minutes
find ./results -name "*.md" -mmin -30
```

When new findings exist with verdict CRITICAL or HIGH:

  • Read the .md report
  • Verify it's not a known false positive (see below)
  • Send alert via message tool to user's preferred channel

Example alert:

```text
🚨 ArbInjection Alert: Potential vulnerability detected

Chain: BSC
Contract: 0x1234...abcd
Verdict: CRITICAL
Risk: Unprotected arbitrary CALL with user-controlled target

[Link to explorer]
```

Manual Scan

Scan a specific contract on-demand:

```bash
node modules/scan-arbitrary-call.js <address> --rpc <chain>
```

Interpreting Results

| Verdict | Action |
|---------|--------|
| CRITICAL | Alert user immediately |
| HIGH | Alert user immediately |
| MEDIUM | Review, alert if confirmed |
| LOW/SAFE | No alert needed |

Results are saved to ./results/ as .json and .md files.

False Positives

Do NOT alert for these patterns (safe by design):

  • Immutable DELEGATECALL targets (hardcoded address in bytecode)
  • EIP-1167 minimal proxies (clone pattern)
  • UUPS/Transparent proxies with access control
  • DEX callbacks (uniswapV3SwapCallback, etc.)
  • Known safe contracts: Multicall3, 1inch, Uniswap, Permit2

Verify before alerting: Check if the flagged CALL target is:

  • Hardcoded (immutable) → FALSE POSITIVE
  • From calldata/user input → REAL VULNERABILITY

Environment

Optional .env file:

```text
ANTHROPIC_API_KEY=sk-ant-...   # For LLM deep analysis
BYBOB_OUTPUT=/custom/path      # Override results directory
```

Maintenance

Daily update required. Detection patterns and fixes are pushed frequently.

```bash
cd /path/to/arb-injection
git pull origin main
npm install  # If package.json changed
```

Schedule daily update check (09:00):

```json
{
  "schedule": { "kind": "cron", "expr": "0 9 * * *" },
  "payload": { "kind": "systemEvent", "text": "ArbInjectionSkill daily update: git pull and npm install" },
  "sessionTarget": "main"
}
```

Source

Repository: https://github.com/BringYourOwnBot/arb-injection

Part of the BYOCB (Bring Your Own ClawdBot) skill collection.

Installation

```bash
openclaw install arb-injection
```

Tags

#communication

Quick Info

Category Social Media
Model Claude 3.5
Complexity One-Click
Author cryptotooldev
Last Updated 3/10/2026