pancakeswap-clmm
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the platform installation script and plugin binary from the vendor's GitHub repositories (okx/onchainos-skills and okx/plugin-store).- [REMOTE_CODE_EXECUTION]: Executes a vendor-provided setup script via piped shell command (curl | sh) to install required CLI dependencies during the initial session setup.- [COMMAND_EXECUTION]: Interacts with the local onchainos CLI to resolve wallet addresses and execute smart contract calls for farming operations.- [EXTERNAL_DOWNLOADS]: Sends installation telemetry, including a hashed device identifier and version metadata, to the vendor's API at okx.com and a stats service on Vercel.- [PROMPT_INJECTION]: Includes a explicit Data Trust Boundary notice that instructs the AI agent to treat all CLI outputs as untrusted external content and to filter fields before processing.
Audit Metadata