io.github.WarTech9/clawswap

Cross-chain swaps between Solana and Base for AI agents paid for via via x402 micropayments.

WarTech9api-integrationTypeScript
GitHubnpm
0Tools
2Findings
2Stars
Mar 31, 2026Last Scanned

Security Findings2

2 findings detected across 1 severity level. Each finding includes a structured evidence chain answering: WHAT, WHERE, WHY, HOW CONFIDENT, and HOW TO VERIFY.

criticalF5Official Namespace SquattingMCP10-supply-chainAML.T0054
SOURCE: external-content at server:io.github.WarTech9/clawswap — Server name impersonates an official vendor namespace, misleading AI clients and users. Observed: "Server name "io.github.WarTech9/clawswap" contains "aws"" FLOW: cross-tool-flow at server:io.github.WarTech9/clawswap:github_url — "GitHub URL "https://github.com/wartech9/clawswap-mcp" is not under github.com/aws" IMPACT: cross-agent-propagation (ai-client, exploitability: trivial) — AI trusts server "io.github.WarTech9/clawswap" as official aws product due to namespace match VERIFY: 1. [inspect-description] Verify whether "io.github.WarTech9/clawswap" is an official aws server Target: server:io.github.WarTech9/clawswap Expected: Server uses "aws" namespace but GitHub URL does not match CONFIDENCE: 50% [namespace_match (+0.20)]
Evidence Report50% confidence
1

What Was Found

Untrusted data entry point identified. A external content source at server:io.github.WarTech9/clawswap introduces data into the processing pipeline without adequate boundary controls. The observed input pattern is Server name "io.github.WarTech9/clawswap" contains "aws".

Server name impersonates an official vendor namespace, misleading AI clients and users

Potential impact: Cross-Agent Attack Propagation. If exploited, an attacker could compromise ai client and agent context. Exploitability is assessed as trivial — no special conditions required.

2

Where in the Code

The data flow traverses 2 locations from entry point to dangerous operation. The data passes through 1 intermediate transformation before reaching the sink, each of which could have applied sanitization but did not.

ENTRY
server:io.github.WarTech9/clawswap
Server name "io.github.WarTech9/clawswap" contains "aws"
FLOW
server:io.github.WarTech9/clawswap:github_url
GitHub URL "https://github.com/wartech9/clawswap-mcp" is not under github.com/aw…
3

Why This Is Dangerous

Cross-Agent Attack Propagation. AI trusts server "io.github.WarTech9/clawswap" as official aws product due to namespace match

Scope: AI Client and Agent ContextExploitability: Trivial — No special conditions required
4

Confidence Assessment

50%Low-Moderate

This finding has been assigned a confidence score of 50% (low-moderate). Confidence reflects the strength of the evidence chain: higher values indicate that the finding was confirmed through multiple independent analysis techniques (e.g., AST-based taint tracking, structural pattern matching, or cross-reference with known CVEs). Lower values indicate the finding is based on heuristic patterns that may require manual verification.

Confidence factors: The following analysis signals contributed to the final confidence score. Positive adjustments indicate corroborating evidence; negative adjustments indicate uncertainty or partial mitigation.

+0.20
namespace match

Direct substring match: "aws" in server name

5

How to Verify

The following verification steps enable independent confirmation of this finding. Each step can be performed by a security reviewer, compliance auditor, or automated tooling to validate that the identified vulnerability exists and assess whether remediation has been applied.

Step 1Description Inspection
Target:server:io.github.WarTech9/clawswap

Verify whether "io.github.WarTech9/clawswap" is an official aws server

Expected observation:

Server uses "aws" namespace but GitHub URL does not match

Remediation: Do not use official vendor names in server names unless you are the vendor.
criticalF5Official Namespace SquattingMCP10-supply-chainAML.T0054
SOURCE: external-content at server:io.github.WarTech9/clawswap — Server name impersonates an official vendor namespace, misleading AI clients and users. Observed: "Server name "io.github.WarTech9/clawswap" contains "github"" FLOW: cross-tool-flow at server:io.github.WarTech9/clawswap:github_url — "GitHub URL "https://github.com/wartech9/clawswap-mcp" is not under github.com/github" IMPACT: cross-agent-propagation (ai-client, exploitability: trivial) — AI trusts server "io.github.WarTech9/clawswap" as official github product due to namespace match VERIFY: 1. [inspect-description] Verify whether "io.github.WarTech9/clawswap" is an official github server Target: server:io.github.WarTech9/clawswap Expected: Server uses "github" namespace but GitHub URL does not match CONFIDENCE: 50% [namespace_match (+0.20)]
Evidence Report50% confidence
1

What Was Found

Untrusted data entry point identified. A external content source at server:io.github.WarTech9/clawswap introduces data into the processing pipeline without adequate boundary controls. The observed input pattern is Server name "io.github.WarTech9/clawswap" contains "github".

Server name impersonates an official vendor namespace, misleading AI clients and users

Potential impact: Cross-Agent Attack Propagation. If exploited, an attacker could compromise ai client and agent context. Exploitability is assessed as trivial — no special conditions required.

2

Where in the Code

The data flow traverses 2 locations from entry point to dangerous operation. The data passes through 1 intermediate transformation before reaching the sink, each of which could have applied sanitization but did not.

ENTRY
server:io.github.WarTech9/clawswap
Server name "io.github.WarTech9/clawswap" contains "github"
FLOW
server:io.github.WarTech9/clawswap:github_url
GitHub URL "https://github.com/wartech9/clawswap-mcp" is not under github.com/gi…
3

Why This Is Dangerous

Cross-Agent Attack Propagation. AI trusts server "io.github.WarTech9/clawswap" as official github product due to namespace match

Scope: AI Client and Agent ContextExploitability: Trivial — No special conditions required
4

Confidence Assessment

50%Low-Moderate

This finding has been assigned a confidence score of 50% (low-moderate). Confidence reflects the strength of the evidence chain: higher values indicate that the finding was confirmed through multiple independent analysis techniques (e.g., AST-based taint tracking, structural pattern matching, or cross-reference with known CVEs). Lower values indicate the finding is based on heuristic patterns that may require manual verification.

Confidence factors: The following analysis signals contributed to the final confidence score. Positive adjustments indicate corroborating evidence; negative adjustments indicate uncertainty or partial mitigation.

+0.20
namespace match

Direct substring match: "github" in server name

5

How to Verify

The following verification steps enable independent confirmation of this finding. Each step can be performed by a security reviewer, compliance auditor, or automated tooling to validate that the identified vulnerability exists and assess whether remediation has been applied.

Step 1Description Inspection
Target:server:io.github.WarTech9/clawswap

Verify whether "io.github.WarTech9/clawswap" is an official github server

Expected observation:

Server uses "github" namespace but GitHub URL does not match

Remediation: Do not use official vendor names in server names unless you are the vendor.

Security Category Deep Dive

Select a category to explore sub-categories, findings, and compliance coverage.