saturnswap-liquidity
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate DeFi operations (liquidity provision and withdrawal) for the SaturnSwap DEX. No malicious patterns, obfuscation, or unauthorized data access were detected.
- [COMMAND_EXECUTION]: The skill uses Node.js scripts (
create-add-liquidity.js,create-withdraw-liquidity.js) to process user inputs and generate transaction data. These scripts use standard argument parsing and do not perform unsafe shell execution or dynamic code evaluation. - [EXTERNAL_DOWNLOADS]: The scripts import functional logic from a shared local client (
../../../scripts/saturnswap-client.js). This is a standard pattern for skills sharing a common API wrapper within the same vendor ecosystem. - [INDIRECT_PROMPT_INJECTION]: The skill has a data ingestion surface as it processes user-provided blockchain addresses and contract IDs. However, its capabilities are limited to generating unsigned transactions, which poses no risk of unauthorized fund movement or system compromise.
- Ingestion points: CLI arguments in
scripts/create-add-liquidity.jsandscripts/create-withdraw-liquidity.js. - Boundary markers: None identified in
SKILL.md. - Capability inventory: Transaction construction via external client; no file-system write access or subprocess spawning.
- Sanitization: Numerical inputs are sanitized via
parseFloat(); address strings are passed directly to the API client.
Audit Metadata