pancake-skills
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: pancake-skills
Version: 1.0.0

The skill provides comprehensive functionality to interact with the Pancake Platform API, including read and write operations for pages, conversations, messages, customers, and media uploads. While these capabilities are powerful, the skill includes explicit safety features such as the `CONFIRM_WRITE=YES` guardrail for all write operations and clear instructions in `SKILL.md` and `README.md` that guide the AI agent towards safe usage and warn against common pitfalls (e.g., not saving tokens). The code is straightforward shell scripting without any malicious constructs, obfuscation, or attempts at prompt injection to subvert the agent's behavior for harmful purposes. All API calls are directed to the legitimate `https://pages.fm` domain.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user token is available, the agent could create or refresh a page access token without the user setting `CONFIRM_WRITE=YES` for that action.

This POST operation generates or refreshes a page access token but does not call `confirm_write`, unlike the other visible write commands. That bypasses the documented write-safety model for a high-impact credential action.

```shell
pages-generate-token)
    require_env USER_ACCESS_TOKEN
    page_id="${1:?PAGE_ID required}"
    pancake_request_user POST "/api/v1/pages/${page_id}/generate_page_access_token"
    ;;
```

Add `confirm_write` before `pages-generate-token`, and treat token generation as a privileged write operation requiring explicit user approval.
Anyone or any agent process with these tokens can access and modify Pancake page/customer/message data within the token's permissions.
The skill needs personal and page-level Pancake tokens, including a non-expiring page token. This is purpose-aligned, but it is broad account authority and the registry metadata declares no primary credential or required env vars.
`USER_ACCESS_TOKEN`: Personal token... Valid for 90 days. `PAGE_ACCESS_TOKEN`: Page token... Does not expire unless deleted/renewed.
Use the least-privileged Pancake tokens available, avoid sharing them broadly, rotate page tokens when no longer needed, and update metadata to declare the credential requirements.
Unusual or attacker-influenced token/date values could cause local code execution when the script URL-encodes them.

The helper interpolates an input string directly into Python source code. A crafted value containing a quote could break out of the string and execute unintended Python code under the user's account.

```shell
url_encode() {
    python3 -c "import urllib.parse; print(urllib.parse.quote('$1', safe=''))"
}
```

Rewrite `url_encode` to pass data as an argument or via stdin, for example `python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1], safe=""))' "$1"`.
