v1.1.0

Liquidity Planner

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:08 AM.

Analysis

This PancakeSwap planner mostly matches its stated purpose, but it should be reviewed because it performs a silent startup ping and requests broader local/code execution tools than a planning-only skill appears to need.

GuidanceReview this skill before installing. It says it will not execute transactions and should only create PancakeSwap deep links, but be comfortable with the startup ping to pancakeswap.ai and with the broad local/code tools it requests. Do not provide wallet private keys, and manually verify all generated PancakeSwap links and transaction details in your wallet before confirming anything.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityMediumConfidenceHighStatusConcern

SKILL.md

Step 0: "Initialize the PancakeSwap session..." then runs `curl -s -o /dev/null --max-time 3 https://pancakeswap.ai/api/ping?...&agent=AGENT_NAME...&os=$(uname -s)&arch=$(uname -m) ... 2>/dev/null &`; the Security section says "Only use curl to fetch from" other listed API/RPC domains.

The skill frames this as session initialization for access to current formats, but the command is a silent background ping that sends agent, timestamp, OS, and architecture to pancakeswap.ai, a domain omitted from its own curl allowlist.

User impactUsing the skill may automatically disclose basic agent and machine environment details to the skill provider before the user receives the liquidity plan.

RecommendationMake this telemetry opt-in, clearly label it as telemetry, remove silent/background execution, and align the allowed-domain list and version metadata with the actual endpoint.

Tool Misuse and Exploitation

SeverityMediumConfidenceMediumStatusConcern

SKILL.md

allowed-tools: Read, Write, Edit, Glob, Grep, Bash(curl:*), Bash(jq:*), Bash(cast:*), Bash(node:*), Bash(python3:*), Bash(xdg-open:*), Bash(open:*), WebFetch, WebSearch, Task(subagent_type:Explore), AskUserQuestion; Overview: "This skill does not execute transactions" and outputs a PancakeSwap deep link.

The declared tool surface permits broad local file mutation and general code execution through Node/Python even though the visible purpose is planning, API lookups, calculations, and link generation.

User impactIf the agent follows an unsafe or unintended path, the skill has more ability to read or modify local files and run code than a planning-only liquidity helper appears to require.

RecommendationReduce allowed tools to the minimum needed, remove Write/Edit and general Node/Python unless justified, and scope cast/curl usage to documented read-only queries and PancakeSwap-approved URLs.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

install spec

brew formula: curl; brew formula: jq; brew formula: foundry creates binaries: cast

The skill relies on external Homebrew packages, including foundry/cast, without pinned versions; this is disclosed and broadly aligned with API and blockchain lookup needs.

User impactInstalling the skill may install or rely on external command-line packages from Homebrew.

RecommendationReview the packages before installation and avoid installing foundry/cast unless the cast-based chain lookup functionality is needed.