Outsmart DEX Trading

If invoked incorrectly or with misunderstood parameters, the agent could spend SOL, sell tokens, alter liquidity positions, or create pools using the user's wallet.

The skill documents direct execution of mainnet trading commands, including buy/sell/liquidity/pool operations, but does not require an explicit user confirmation gate or hard limits before irreversible financial actions.

Anyone or anything that misuses this credential can authorize transactions from the wallet, potentially risking all funds controlled by that key.

The required credential is a raw Solana private key, which provides full signing authority for the wallet rather than a limited or revocable permission token.

A stored wallet private key may remain available to future agent runs, local processes, backups, or anyone with access to the machine.

The setup persists the private key in a local config file; the artifacts do not describe encryption, file-permission hardening, or cleanup.

A compromised, renamed, or unexpected package version could gain access to wallet credentials or submit unintended transactions.

The skill instructs installation of an unpinned global npm CLI package, while the reviewed artifacts contain no CLI source code; this matters because the installed tool will handle the user's private key and transaction execution.