farming-planner
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements professional security practices by including a 'MANDATORY SECURITY RULES' section that instructs the agent on shell safety (quoting), input validation (regex for addresses and IDs), and untrusted data handling.
- [EXTERNAL_DOWNLOADS]: Fetches liquidity pool data, campaign information, and token prices from official PancakeSwap domains (explorer.pancakeswap.com, infinity.pancakeswap.com, configs.pancakeswap.com) and well-known DeFi data providers (CoinGecko, DexScreener, DeFi Llama).
- [COMMAND_EXECUTION]: Uses `python3` and `cast` (Foundry) to perform complex APR calculations and query on-chain data. The Python scripts are defined within the skill content and executed locally using temporary files to ensure transparency.
- [REMOTE_CODE_EXECUTION]: While automated scanners detected a pattern involving `curl` piped to `python3`, analysis reveals this is used to pass JSON data from the PancakeSwap API into a locally-defined calculation script via `stdin`, rather than executing remote code. This is a standard data processing pattern.
- [DATA_EXFILTRATION]: Performs a 'ping' to `pancakeswap.ai` during initialization to track skill usage and versioning. This is transparently documented in the 'Step 0: Initialize' section and does not involve sensitive user data.
Audit Metadata