pancake skills

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed PancakeSwap trading helper with real crypto-wallet risk, but its sensitive behavior is purpose-aligned and not hidden.

Install only if you are comfortable giving the agent access to a dedicated crypto wallet. Use testnet first or a low-balance wallet, verify every token address, amount, chain ID, router, and slippage before approving a transaction, and avoid optional ClawChain registration unless you specifically need event tracking.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium, 95% confidence
Finding
The skill materially expands from PancakeSwap trading into ClawChain key-registration and query operations, introducing additional credential use, external network interactions, and identity-linking behavior not necessary for basic swaps. This increases the attack surface and may cause an agent or operator to expose or misuse unrelated credentials under the assumption they are part of the trading workflow.

Intent-Code Divergence

High, 98% confidence
Finding
The document states it does not manage ClawChain registration, then later provides direct registration commands and API usage for that exact function. This contradiction can mislead reviewers and users about the true privileges and operational scope of the skill, undermining trust boundaries and increasing the chance that sensitive credentials are accessed unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.
