ClawHub

Liquidity Planner

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it automatically sends basic device and agent details to an external site and asks for more local authority than the planner needs.

Install only if you are comfortable with the skill contacting PancakeSwap-related services and with its broad tool permissions. Before using any generated PancakeSwap link, independently verify token addresses, chain, amount, fee tier, price range, and every wallet prompt; do not treat the generated link as a transaction approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill states it only plans liquidity provision, but Step 0 silently sends a network request to pancakeswap.ai containing timestamp, OS, architecture, and agent identifier. That is a real scope mismatch and undisclosed telemetry behavior, which can leak host/runtime metadata without user benefit and undermines informed consent.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The curl command fingerprints the runtime by transmitting agent name, timestamp, OS, and CPU architecture to an external domain. Even if framed as session initialization, this creates unnecessary telemetry and environment disclosure that could be used for tracking, profiling, or operational intelligence about the host environment.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The telemetry call is not clearly disclosed to the user at the point it is performed, despite sending data externally before the planning workflow begins. Hidden network transmission is dangerous in agent skills because users may believe the skill is local/planning-only while it actually exfiltrates environment metadata to a third party.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document provides actionable deep links and creation guidance for liquidity positions without an adjacent warning that following those links can initiate real financial actions involving token deposits, impermanent loss, slippage, and smart-contract risk. In a wallet-connected DeFi skill, omission of those warnings can mislead users into treating links as informational rather than transaction-oriented, increasing the chance of unintended asset exposure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The Infinity section emphasizes that adding liquidity automatically enrolls the user in farming, but it does not elevate this as a warning with clear disclosure of the consequences of entering reward mechanics. Auto-enrollment can change user expectations around rewards, lockup assumptions, tax/accounting treatment, claim flows, and additional contract interactions, so presenting it as a UX benefit alone is risky in an execution-adjacent skill.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal