pump-swarm

Fail

Audited by Snyk on Feb 20, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). This code is high-risk because it deliberately implements coordinated, stealthy multi-wallet trading and amplification (copytrading, timed/DCA strategies, distribute/consolidate, bundle atomicity, random delays and variance) that facilitate pump-and-dump/market-manipulation behavior, though the file contains no obvious technical backdoor, credential exfiltration, eval/exec, or remote code execution constructs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill fetches live price and chain data from public third-party sources (notably, fetchTokenPrice calls the external Jupiter API at https://api.jup.ag/price/..., and the code reads on-chain positions through a configurable SOLANA_RPC_URL RPC endpoint). The agent ingests these values at runtime (e.g., strategies use currentPrice), and they directly influence trading decisions and tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is explicitly designed to execute cryptocurrency trades and move funds. It requires and uses private wallet keys (SOLANA_PRIVATE_KEY, SOLANA_SWARM_KEY_*), builds, signs, and submits on-chain transactions, integrates with RPC endpoints and DEX APIs (PumpPortal, Bags.fm, Meteora), and provides direct buy/sell commands (/swarm buy, /swarm sell) with execution modes (bundles, parallel, sequential). Those are specific crypto/blockchain transaction capabilities (wallet management, signing, submitting market orders), not generic tooling.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 20, 2026, 08:53 PM