Skip to main content

bridge

Facilitates cross-chain token transfers using Wormhole and CCTP protocols for seamless blockchain transactions.

Install this skill

or
6/100

Security score

The bridge skill was audited on Feb 19, 2026 and we found 22 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 80

Template literal with variable interpolation in command context

SourceSKILL.md
80console.log(`Fee: $${quote.fee}`);
medium line 81

Template literal with variable interpolation in command context

SourceSKILL.md
81console.log(`Est. time: ${quote.estimatedTime} seconds`);
medium line 97

Template literal with variable interpolation in command context

SourceSKILL.md
97console.log(`Transfer initiated: ${transfer.txHash}`);
medium line 98

Template literal with variable interpolation in command context

SourceSKILL.md
98console.log(`VAA: ${transfer.vaa}`);
medium line 99

Template literal with variable interpolation in command context

SourceSKILL.md
99console.log(`Status: ${transfer.status}`);
medium line 108

Template literal with variable interpolation in command context

SourceSKILL.md
108console.log(`Redeemed: ${redeem.txHash}`);
medium line 109

Template literal with variable interpolation in command context

SourceSKILL.md
109console.log(`Amount received: ${redeem.amount} USDC`);
medium line 127

Template literal with variable interpolation in command context

SourceSKILL.md
127console.log(`CCTP transfer: ${transfer.txHash}`);
medium line 128

Template literal with variable interpolation in command context

SourceSKILL.md
128console.log(`Message: ${transfer.messageHash}`);
medium line 148

Template literal with variable interpolation in command context

SourceSKILL.md
148console.log(`Status: ${status.status}`);
medium line 151

Template literal with variable interpolation in command context

SourceSKILL.md
151console.log(`Source confirmations: ${status.sourceConfirmations}`);
medium line 152

Template literal with variable interpolation in command context

SourceSKILL.md
152console.log(`VAA status: ${status.vaaStatus}`);
medium line 153

Template literal with variable interpolation in command context

SourceSKILL.md
153console.log(`Redeemed: ${status.redeemed}`);
medium line 156

Template literal with variable interpolation in command context

SourceSKILL.md
156console.log(`Ready to redeem! VAA: ${status.vaa}`);
medium line 171

Template literal with variable interpolation in command context

SourceSKILL.md
171console.log(`${p.sourceChain} → ${p.destChain}`);
medium line 172

Template literal with variable interpolation in command context

SourceSKILL.md
172console.log(` Amount: ${p.amount} ${p.token}`);
medium line 173

Template literal with variable interpolation in command context

SourceSKILL.md
173console.log(` Status: ${p.status}`);
medium line 174

Template literal with variable interpolation in command context

SourceSKILL.md
174console.log(` Age: ${p.age} minutes`);
low line 91

Access to .env file

SourceSKILL.md
91sourcePrivateKey: process.env.SOLANA_PRIVATE_KEY,
low line 105

Access to .env file

SourceSKILL.md
105destPrivateKey: process.env.EVM_PRIVATE_KEY,
low line 123

Access to .env file

SourceSKILL.md
123sourcePrivateKey: process.env.EVM_PRIVATE_KEY,
low line 137

Access to .env file

SourceSKILL.md
137destPrivateKey: process.env.EVM_PRIVATE_KEY,
Scanned on Feb 19, 2026
View Security Dashboard
Installation guide →
GitHub Stars 53
Rate this skill
Categorydevelopment
UpdatedMay 21, 2026
openclawapibackendbackend-developerdata-engineerml-ai-engineerdevelopment
alsk1992/CloddsBot