pancakeswap-v3-plugin

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Although the URLs are hosted on GitHub under the "okx" org (a known crypto company), they instruct downloading and executing raw shell scripts and a release binary (curl | sh and direct executable download), which is an inherently high-risk pattern because it allows arbitrary code execution and binaries could be malicious or tampered with; verify the repository/org, inspect the scripts and release artifacts, and prefer signed binaries or checksums before running.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill explicitly performs live fetches from public third‑party sources (see plugin.yaml api_calls listing public RPC endpoints and api.thegraph.com, and SKILL.md sections: "quote" uses QuoterV2 via eth_call, "positions" queries TheGraph, "pools"/other commands call RPCs), and those untrusted responses are parsed and used to compute quotes, slippage, calldata, and transaction decisions, so external content can materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight install runs at runtime and explicitly executes remote installer code via "curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh" (and also fetches required scripts/binaries from https://raw.githubusercontent.com/okx/plugin-store/main/scripts/launcher.sh and https://github.com/okx/plugin-store/releases/download/plugins/pancakeswap-v3-plugin@1.0.5/...), so these URLs fetch and run remote code that the skill requires.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial operations: it implements token swaps, liquidity minting and removal, ERC-20 approvals, and broadcasts transactions (via onchainos wallet contract-call). Commands like swap, add-liquidity, and remove-liquidity perform multi-step transactions (approve → contract calls → submit tx) and report transaction hashes. It targets crypto blockchains and specific DEX contracts (SmartRouter, NonfungiblePositionManager, QuoterV2) and includes flags (--confirm, --dry-run) controlling broadcasts. These are direct crypto/financial execution capabilities (signing and submitting transactions that move funds), so this meets the Direct Financial Execution criteria.