Security audit

Collect Fees

Security checks across malware telemetry and agentic risk

Overview

This is a read-only PancakeSwap fee/position helper, but it shares public wallet lookup data with PancakeSwap/RPC services and should be used only with that privacy tradeoff understood.

Install only if you are comfortable sharing public wallet addresses and lookup timing with PancakeSwap Explorer, public RPC providers, and npm-installed SDK dependencies. Do not provide seed phrases or private keys, review any PancakeSwap UI transaction in your wallet before confirming, and avoid the optional browser-open/ping behavior if you want tighter control over external navigation and telemetry.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Context-Inappropriate Capability

Low

Confidence: 82% confidence
Finding: Launching a browser from a skill creates an external side effect that is stronger than merely displaying a link, and it can be abused for unwanted navigation or phishing if URL construction is ever influenced by untrusted data. Although this skill restricts links to PancakeSwap URLs, auto-opening still reduces user control and increases the blast radius of any future URL-validation mistake.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill is described as fee-focused, but this code also enumerates Infinity Bin positions and computes principal token amounts. That over-collection expands the data exposed about a user's wallet holdings beyond what is necessary for the stated task, violating least-privilege and increasing privacy/scope risk.

Intent-Code Divergence

Medium

Confidence: 91% confidence
Finding: The header comment claims the script computes pending fees for both Infinity position types, but the Bin logic actually computes token amounts held in bins. This misleading description can cause operators, reviewers, or downstream agents to approve or invoke broader wallet introspection than intended.

Description-Behavior Mismatch

High

Confidence: 95% confidence
Finding: The file’s stated behavior is to discover Solana CLMM positions and farm positions and output pending rewards, which materially exceeds a skill described as checking and collecting PancakeSwap V3/Infinity LP fees. This broadens wallet portfolio visibility across another chain and another product area, creating unnecessary data access and a scope mismatch that could expose user holdings and rewards unrelated to the requested action.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The code explicitly determines whether pools have active farming rewards by inspecting reward metadata and later computes reward amounts, even though the skill is framed around LP fee collection. In this context, harvesting or even enumerating farm rewards is an additional capability that reveals extra financial state and may cause the agent to act on assets the user did not intend to expose or manage.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The script sends a wallet address to PancakeSwap explorer endpoints to enumerate wallet-specific positions, which discloses user portfolio metadata to a third-party service. In a wallet/agent skill context, that is more sensitive because users may expect on-chain reads via their RPC, not off-platform tracking or correlation of their address activity.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical

Code: suspicious.env_credential_access
Location: references/fetch-infinity-positions.mjs:31

Environment variable access combined with network send.

Critical

Code: suspicious.env_credential_access
Location: references/fetch-solana.cjs:24