megapot
Facilitates participation in an on-chain USDC lottery with features like ticket purchasing, jackpot tracking, and subscription management.
Install this skill
or
86/100
Security score
The megapot skill was audited on May 25, 2026 and we found 14 security issues across 1 threat category. Review the findings below before installing.
Categories Tested
Security Issues
low line 10
External URL reference
SourceSKILL.md
| 10 | homepage: "https://megapot.io" |
low line 17
External URL reference
SourceSKILL.md
| 17 | This skill is a **router**. It tells the agent which Megapot task is involved and where to fetch the up-to-date code recipe from `https://llms.megapot.io/`. The hosted docs are the source of truth — f |
low line 31
External URL reference
SourceSKILL.md
| 31 | Full table (testnet, staging, all 13 contracts) and ABIs at `https://llms.megapot.io/`. ABIs: `https://llms.megapot.io/abi/<ContractName>.json`. |
low line 40
External URL reference
SourceSKILL.md
| 40 | 2. **Fetch the matching task page** from `https://llms.megapot.io/tasks/<name>` for the current code recipe. |
low line 49
External URL reference
SourceSKILL.md
| 49 | | Buy 1–10 tickets with custom numbers (or a mix) | **Not supported** — tell the user custom numbers are only available at https://megapot.io. Offer quick-pick instead. | |
low line 50
External URL reference
SourceSKILL.md
| 50 | | Buy 11+ tickets (keeper-executed batch) | `https://llms.megapot.io/tasks/buy-bulk` | |
low line 51
External URL reference
SourceSKILL.md
| 51 | | Set up recurring daily ticket purchases | `https://llms.megapot.io/tasks/subscribe` | |
low line 52
External URL reference
SourceSKILL.md
| 52 | | Deposit USDC into the LP pool | `https://llms.megapot.io/tasks/lp-deposit` | |
low line 53
External URL reference
SourceSKILL.md
| 53 | | Withdraw an LP position | `https://llms.megapot.io/tasks/lp-withdraw` | |
low line 54
External URL reference
SourceSKILL.md
| 54 | | Atomically claim + re-buy | `https://llms.megapot.io/tasks/auto-compound` | |
low line 58
External URL reference
SourceSKILL.md
| 58 | | Wallet ticket history, leaderboards, cross-drawing aggregates | **Not supported in this skill** — direct the user to `https://megapot.io`. Do not call the Data API for these. | |
low line 59
External URL reference
SourceSKILL.md
| 59 | | Deep ABI / address / cross-chain lookup | `https://llms.megapot.io/tasks/contracts-reference` | |
low line 60
External URL reference
SourceSKILL.md
| 60 | | Anything not above | `https://llms.megapot.io/` | |
low line 88
External URL reference
SourceSKILL.md
| 88 | - **Past drawings vs. live state.** Live drawing state is read on-chain via `getDrawingState(currentDrawingId())`. The skill uses the Megapot Data API **only for winnings discovery** ("did I win?" / c |
Scanned on May 25, 2026
View Security Dashboard