dflow
Integrates DFlow trading protocol on Solana, enabling seamless spot and prediction market trading with advanced APIs.
Install this skill
Security score
The dflow skill was audited on Feb 9, 2026 and we found 32 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 78 | const quote = await fetch(`${API_BASE}/quote?${quoteParams}`, { |
Template literal with variable interpolation in command context
| 83 | const swapResponse = await fetch(`${API_BASE}/swap`, { |
Template literal with variable interpolation in command context
| 125 | const order = await fetch(`${API_BASE}/order?${orderParams}`, { |
Template literal with variable interpolation in command context
| 143 | `${API_BASE}/order-status?signature=${signature}`, |
Template literal with variable interpolation in command context
| 334 | `${API_BASE}/order-status?signature=${signature}`, |
Template literal with variable interpolation in command context
| 372 | const order = await fetch(`${API_BASE}/order?${new URLSearchParams({ |
Template literal with variable interpolation in command context
| 454 | const quote = await fetch(`${API_BASE}/quote?${new URLSearchParams({ |
Template literal with variable interpolation in command context
| 463 | const swap = await fetch(`${API_BASE}/swap`, { |
Template literal with variable interpolation in command context
| 480 | const quote = await fetch(`${API_BASE}/quote?${new URLSearchParams({ |
Template literal with variable interpolation in command context
| 488 | const swap = await fetch(`${API_BASE}/swap`, { |
Template literal with variable interpolation in command context
| 532 | const event = await fetch(`${METADATA_API}/api/v1/event/TRUMP-2024`, { |
Template literal with variable interpolation in command context
| 543 | const events = await fetch(`${METADATA_API}/api/v1/events?limit=50&offset=0`, { |
Template literal with variable interpolation in command context
| 560 | const market = await fetch(`${METADATA_API}/api/v1/market/TRUMP-2024-WIN`, { |
Template literal with variable interpolation in command context
| 572 | `${METADATA_API}/api/v1/market/by-mint/${outcomeMint}`, |
Template literal with variable interpolation in command context
| 581 | const markets = await fetch(`${METADATA_API}/api/v1/markets/batch`, { |
Template literal with variable interpolation in command context
| 597 | `${METADATA_API}/api/v1/outcome_mints?min_close_timestamp=${Date.now()}`, |
Template literal with variable interpolation in command context
| 606 | const filtered = await fetch(`${METADATA_API}/api/v1/filter_outcome_mints`, { |
Template literal with variable interpolation in command context
| 620 | `${METADATA_API}/api/v1/orderbook/TRUMP-2024-WIN`, |
Template literal with variable interpolation in command context
| 637 | `${METADATA_API}/api/v1/trades?ticker=TRUMP-2024-WIN&limit=100`, |
Template literal with variable interpolation in command context
| 652 | `${METADATA_API}/api/v1/milestones/TRUMP-2024`, |
Access to .env file
| 63 | const API_KEY = process.env.DFLOW_API_KEY; // Optional but recommended |
Access to .env file
| 715 | rpcUrl: process.env.RPC_URL, |
Access to .env file
| 716 | privateKey: process.env.PRIVATE_KEY, |
Buffer.from base64 decode
| 99 | Buffer.from(swapResponse.swapTransaction, "base64") |
Buffer.from base64 decode
| 131 | Buffer.from(order.transaction, "base64") |
External URL reference
| 34 | **Base URL:** `https://quote-api.dflow.net` |
External URL reference
| 43 | **Base URL:** `https://api.prod.dflow.net` |
External URL reference
| 62 | const API_BASE = "https://quote-api.dflow.net"; |
External URL reference
| 511 | **Base URL:** `https://api.prod.dflow.net` |
External URL reference
| 529 | const METADATA_API = "https://api.prod.dflow.net"; |
External URL reference
| 786 | - [DFlow Documentation](https://pond.dflow.net) |
External URL reference
| 788 | - [Discord Community](https://discord.gg/dflow) |