ClawHub

Farming Planner

Security checks across malware telemetry and agentic risk

Overview

This DeFi planning skill includes under-disclosed mainnet transaction guidance, automatic package installation, and wallet-position inspection that exceed a simple planning-only purpose.

Install only after reviewing the transaction sections and helper scripts. Treat this as a DeFi operations aid, not a passive planner: do not run any cast send command or approve tokens unless you deliberately intend that on-chain action, and avoid running the helper scripts until runtime pip installation is removed or dependencies are pinned and installed through a reviewed setup process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import requests
except ImportError:
    import subprocess
    subprocess.check_call([sys.executable, '-m', 'pip', 'install', '-q', 'requests'])
    import requests
CHAIN_FILTER = os.environ.get('CHAIN_FILTER', '')
PROTOCOL_FILTER = os.environ.get('PROTOCOL_FILTER', '')
Confidence
96% confidence
Finding
subprocess.check_call([sys.executable, '-m', 'pip', 'install', '-q', 'requests'])

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
try:
    import requests
except ImportError:
    os.system('pip install requests -q')
    import requests
RPC_URL = 'https://bsc-rpc.publicnode.com'
SECONDS_PER_YEAR = 31_536_000
Confidence
98% confidence
Finding
os.system('pip install requests -q')

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The skill claims it only plans and does not execute transactions, but later includes concrete `cast send` commands for mainnet staking, unstaking, harvesting, approvals, and claims. That mismatch can cause an agent or user to treat the skill as low-risk planning guidance while it actually facilitates irreversible on-chain actions, increasing the chance of unintended fund movement.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Installing Python packages at runtime via pip is a genuine security issue because it enables downloading and executing code during normal skill execution without prior review. That behavior is not justified by the skill’s stated purpose of planning PancakeSwap farming and makes the skill much more dangerous in context, since a data helper should not need software installation privileges.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The file's behavior materially diverges from the skill manifest: instead of planning PancakeSwap farming/staking actions, it performs live Solana wallet position discovery and reward calculation. In a planning-oriented skill, unexpected on-chain portfolio inspection expands the data-access scope and can cause privacy leakage, user confusion, or unauthorized collection of wallet-linked holdings data.

Context-Inappropriate Capability

Low
Confidence
82% confidence
Finding
The script reads a wallet address from an environment variable and uses it to enumerate token accounts and infer CLMM positions. While this is only a public address, it still introduces undisclosed access to wallet-linked portfolio data that is not justified by a planning-only farming skill, increasing privacy and scope-creep risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script silently installs a package via pip with no disclosure or consent. Even if intended as convenience, undisclosed environment mutation is risky because it hides network access and code installation from operators and users, reducing auditability and increasing the chance of unexpected code execution.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Automatically installing a package without warning or consent is unsafe because it changes the host environment and pulls code from external sources during normal script execution. Even if intended for convenience, silent installation increases the chance of unexpected code execution and makes the script unsuitable for controlled or sandboxed environments.

External Script Fetching

High
Category
Supply Chain
Content
```bash
# All chains, all protocols (default — uses /list for comprehensive results):
curl -s "https://explorer.pancakeswap.com/api/cached/pools/list?orderBy=volumeUSD24h&protocols=v2&protocols=v3&protocols=stable&protocols=infinityBin&protocols=infinityCl&protocols=infinityStable&chains=bsc&chains=ethereum&chains=base&chains=arbitrum&chains=zksync&limit=100" | python3 "$PCS_FARMS_SCRIPT"

# BSC only:
curl -s "https://explorer.pancakeswap.com/api/cached/pools/list?orderBy=volumeUSD24h&protocols=v2&protocols=v3&protocols=stable&protocols=infinityBin&protocols=infinityCl&protocols=infinityStable&chains=bsc&limit=100" | CHAIN_FILTER=bsc python3 "$PCS_FARMS_SCRIPT"
Confidence
88% confidence
Finding
curl -s "https://explorer.pancakeswap.com/api/cached/pools/list?orderBy=volumeUSD24h&protocols=v2&protocols=v3&protocols=stable&protocols=infinityBin&protocols=infinityCl&protocols=infinityStable&chai

External Script Fetching

High
Category
Supply Chain
Content
curl -s "https://explorer.pancakeswap.com/api/cached/pools/farming?protocols=v2&protocols=v3&protocols=stable&protocols=infinityBin&protocols=infinityCl&chains=bsc" | CHAIN_FILTER=bsc python3 "$PCS_FARMS_SCRIPT"

# Solana CLMM pools (uses sol-explorer, no chains filter needed):
curl -s "https://sol-explorer.pancakeswap.com/api/cached/v1/pools/list?orderBy=volumeUSD24h&protocols=v3&limit=100" | python3 "$PCS_FARMS_SCRIPT"
```

The output is a ready-to-use markdown table with LP Fee APR, CAKE APR, and Total APR columns, plus deep links per row. Copy it directly into your response.
Confidence
88% confidence
Finding
curl -s "https://sol-explorer.pancakeswap.com/api/cached/v1/pools/list?orderBy=volumeUSD24h&protocols=v3&limit=100" | python

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal