pancakeswap-v3-plugin
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches core components and configuration from the vendor's official GitHub repositories.
  - Downloads the onchainos installation script from the vendor's public repository.
  - Retrieves management scripts such as launcher.sh and update-checker.py from the OKX plugin-store repository.
  - Downloads pre-compiled plugin binaries from GitHub releases associated with the vendor's organization.
  - Pulls version metadata and skill updates from the vendor's central repository to ensure the skill is up to date.
- [REMOTE_CODE_EXECUTION]: Executes the vendor's installation script to configure the local environment.
  - The installation process uses a piped command to run the install.sh script provided by the vendor, which is necessary to set up the onchainos CLI tool required for blockchain operations.
- [COMMAND_EXECUTION]: Utilizes local CLI tools and shell commands for operation and maintenance.
  - Interacts with the onchainos CLI to perform wallet management, address resolution, and smart contract interactions.
  - Employs standard shell utilities such as date, stat, ln, and rm to manage the local skill lifecycle and cache.
- [SAFE]: Implements strong security practices for data handling and blockchain operations.
  - Explicitly warns the agent to treat data from external RPCs and subgraphs as untrusted content, following best practices for indirect prompt injection mitigation.
  - Enforces a manual confirmation policy requiring the --confirm flag for all transactions that modify state or move funds, ensuring user oversight.
  - Provides comprehensive pre-flight checks and balance verifications to ensure transaction success and prevent unnecessary gas expenditure.
Audit Metadata