ClawAudit verdict

liquidity-planner

pcs-liquidity-planner

88
๐ŸŸข Trusted
Low risk โ€” reviewed by ClawAudit, behavior matches stated purpose

Accesses credentials AND makes external network calls

PancakeSwap liquidity planning skill that generates deep links for user confirmation rather than executing transactions; fetches price data from DefiLlama and PancakeSwap APIs for its stated planning purpose.

Automated static analysis โ€” not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

0
security
60
transparency
70
maintenance

What it does

These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence โ€” it does not verify that one flows into another. Read the code to confirm a live chain.

Capability combination high

Accesses credentials AND makes external network calls โ€” potential credential theft

LLM02 ยท ASI03

Capability combination high

Accesses credentials AND encodes data โ€” may obfuscate stolen credentials

LLM02 ยท ASI03 ยท ASI04

Permission integrity

Code accesses API keys/tokens but declares no environment variables

credential_access

Findings (2)

Pattern match critical

Possible hardcoded credential

SKILL.md ยท code ยท TOKEN="0x0E09FaBB73Bd3Ade0a17ECC321fD13a19e81cE82

Pattern match high

Long base64 string (100+ chars) โ€” likely obfuscated payload

SKILL.md ยท code ยท finance/stable/add/0x55d398326f99059fF775485246999027B3197955/0x8AC76a51cc950d98

Permissions & capabilities

Requires 2 system binaries. (1 elevated: curl).

network_outcredential_accessdata_encoding
Check another skill Browse the registry Auditing your own skills or configs? Use the API