Is kj-script/pancake-swap-skills safe?

https://github.com/openclaw/skills/tree/main/skills/kj-script/pancake-swap-skills

89
SAFE

This is a legitimate DeFi trading skill for PancakeSwap that transparently declares all file accesses and security requirements. While it handles cryptocurrency private keys for trading functionality, this is properly documented and necessary for its intended purpose.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 70/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

MEDIUM Cryptocurrency Private Key Access -25

Skill accesses cryptocurrency private keys stored in ~/.config/bsc_agent/wallet.json for blockchain transaction signing. While this is declared functionality, it poses inherent security risks.

LOW Financial Risk Exposure -10

Skill enables cryptocurrency trading which could result in financial losses through market volatility or transaction errors.

LOW Financial Skill Manipulation Risk -5

As a financial trading skill, prompt manipulation could potentially be used to trigger unintended transactions, though no injection vectors detected.