SafeToken.fun

The safetoken-fun skill bundle is classified as suspicious because it instructs the AI agent to dynamically retrieve contract ABIs and addresses from a remote endpoint (https://safetoken.fun/api) to perform financial transactions on the BNB Chain (SKILL.md). This design pattern is a significant security vulnerability, as it allows a third-party server to dictate the logic of the agent's on-chain operations, potentially leading to unauthorized fund transfers if the site is compromised. Additionally, the _meta.json file contains a future-dated publication timestamp (July 2026), which is an unusual anomaly in the metadata.