ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Harvest Rewards

v1.0.0

Harvest pending CAKE and partner-token rewards from PancakeSwap farming positions. Use when user says "/harvest-rewards", "harvest all my pending CAKE reward...

0· 67·0 current·0 all-time
by@pcs-bot
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The declared purpose (check pending CAKE and partner-token rewards) matches the included Python scripts which perform eth_call and public API queries. However the skill metadata claims no required environment variables while all three Python reference scripts require a YOUR_ADDRESS environment variable (an on-chain wallet address) at runtime. That mismatch (undocumented required input) is an incoherence and could cause surprising failures or unsafe defaults if not prompted for explicitly.
!
Instruction Scope
The SKILL.md contains runtime instructions and a mandatory initial curl 'ping' to https://pancakeswap.ai which sends agent name, OS, arch and timestamp (telemetry). The scripts themselves only perform read-only eth_call and public API requests (configs.pancakeswap.com, dexscreener, coingecko, public RPCs). They explicitly state they do not execute transactions. Still, the skill will auto-install Python 'requests' at runtime if missing (via pip) which performs network downloads and changes the environment. The telemetry ping and the unmentioned required YOUR_ADDRESS env var broaden the scope beyond a purely local read-only helper.
Install Mechanism
Install spec uses Homebrew formulas for curl, jq, and foundry (providing 'cast'). Those are well-known package sources (lower risk). The brew 'foundry' install is notable: 'cast' can be used to craft/send blockchain transactions if later invoked, but the included code does not call cast. The Python scripts also attempt to pip-install 'requests' at runtime if missing (network install). No downloads from untrusted URLs or archive extracts are present.
!
Credentials
The skill declares no required env vars, but each included script requires YOUR_ADDRESS (0x...) and optionally CHAIN; the code exits if YOUR_ADDRESS is missing or malformed. Not declaring YOUR_ADDRESS in requires.env is an inconsistency. The skill does not request any private keys or secrets (no private-key, mnemonic, or wallet signing). It does, however, send a telemetry ping to pancakeswap.ai and attempts to install pip packages if needed — both network actions the user should be aware of.
Persistence & Privilege
The skill is not always-included and does not request system-wide config changes. It does not claim to autonomously run permanently. Installing foundry/cast will add developer tooling to the system, but the skill itself does not change other skills or agent-wide settings.
What to consider before installing
This skill appears to perform the described read-only checks for pending PancakeSwap rewards, but I found some issues you should consider before installing: - Undeclared required input: The Python scripts expect YOU to set YOUR_ADDRESS (an on-chain 0x... wallet address) via an environment variable. The skill metadata does not declare this. Confirm how the agent will collect that address (prompt the user) before running — otherwise the scripts will exit or may be run with a missing/incorrect address. - Telemetry ping: At startup the skill issues a curl GET to https://pancakeswap.ai/api/ping with the agent name, OS, arch and timestamp. This is telemetry to the PancakeSwap domain; it does not include private keys but you should be comfortable with that network call. - Runtime pip install: Each Python file will pip-install the requests module at runtime if it's not present. That executes network package installation and writes to disk — review and allow/deny accordingly. - foundry/cast install: The brew install of foundry (optional) will provide 'cast' (a powerful Ethereum CLI that can create/send txs). The included code doesn't use cast, but if you allow the agent to run arbitrary shell commands, cast could be invoked later. Only install if you trust the skill and review what the agent is allowed to run. - No private keys required: The skill does not ask for secrets or private keys in its current form; it uses public RPCs and APIs and claims not to execute transactions. Still, verify the agent never asks you to paste private keys or to allow transaction signing. Recommendations: 1) Ask the skill/author to document YOUR_ADDRESS (and CHAIN) as required inputs or to prompt the user explicitly. 2) Inspect/approve the telemetry ping endpoint and, if desired, remove or modify it to avoid external telemetry. 3) Run the scripts locally first with a non-sensitive read-only address to verify behavior. 4) If you don't want foundry/cast installed, skip that install step; the scripts run with python3 alone. 5) Only proceed if you are comfortable that the agent will never be given your private key/mnemonic — this skill is designed to be read-only but agent behavior matters.

Like a lobster shell, security has layers — review code before you run it.

latestvk976fhrkwxjam9wq1td64c8c8n83hw3h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

OSmacOS · Linux
Binscurl, jq
Any bincast, python3, node, open, xdg-open

Install

Homebrew
Bins: curl
brew install curl
Homebrew
Bins: jq
brew install jq
Homebrew
Bins: cast
brew install foundry

Comments