WAIaaS Actions

Facilitates DeFi actions through a structured transaction pipeline, enabling seamless execution of swaps, staking, and cross-chain operations.

Install this skill

0/100

Security score

The WAIaaS Actions skill was audited on May 13, 2026 and we found 87 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 1787

Template literal with variable interpolation in command context

SourceSKILL.md

1787

```bash

medium line 45

Curl to non-GitHub URL

SourceSKILL.md

45	curl -s -X POST http://localhost:3100/v1/actions/jupiter_swap/swap \

medium line 82

Curl to non-GitHub URL

SourceSKILL.md

82	curl -s http://localhost:3100/v1/actions/providers \

medium line 178

Curl to non-GitHub URL

SourceSKILL.md

178	curl -s -X POST http://localhost:3100/v1/actions/jupiter_swap/swap \

medium line 276

Curl to non-GitHub URL

SourceSKILL.md

276	curl -s -X POST http://localhost:3100/v1/actions/jupiter_swap/swap \

medium line 404

Curl to non-GitHub URL

SourceSKILL.md

404	curl -s -X POST http://localhost:3100/v1/actions/zerox_swap/swap \

medium line 465

Curl to non-GitHub URL

SourceSKILL.md

465	curl -s -X POST http://localhost:3100/v1/actions/zerox_swap/swap \

medium line 562

Curl to non-GitHub URL

SourceSKILL.md

562	curl -s -X POST http://localhost:3100/v1/actions/lifi/bridge \

medium line 630

Curl to non-GitHub URL

SourceSKILL.md

630	curl -s -X POST http://localhost:3100/v1/actions/lifi/cross_swap \

medium line 751

Curl to non-GitHub URL

SourceSKILL.md

751	curl -s -X POST http://localhost:3100/v1/actions/lido_staking/stake \

medium line 797

Curl to non-GitHub URL

SourceSKILL.md

797	curl -s -X POST http://localhost:3100/v1/actions/lido_staking/unstake \

medium line 890

Curl to non-GitHub URL

SourceSKILL.md

890	curl -s -X POST http://localhost:3100/v1/actions/jito_staking/stake \

medium line 933

Curl to non-GitHub URL

SourceSKILL.md

933	curl -s -X POST http://localhost:3100/v1/actions/jito_staking/unstake \

medium line 1045

Curl to non-GitHub URL

SourceSKILL.md

1045	curl -s -X POST http://localhost:3100/v1/actions/aave_v3/aave_supply \

medium line 1101

Curl to non-GitHub URL

SourceSKILL.md

1101	curl -s -X POST http://localhost:3100/v1/actions/aave_v3/aave_borrow \

medium line 1200

Curl to non-GitHub URL

SourceSKILL.md

1200	curl -s -X POST http://localhost:3100/v1/actions/kamino/kamino_supply \

medium line 1346

Curl to non-GitHub URL

SourceSKILL.md

1346	curl -s -X POST http://localhost:3100/v1/actions/pendle_yield/buy_pt \

medium line 1406

Curl to non-GitHub URL

SourceSKILL.md

1406	curl -s -X POST http://localhost:3100/v1/actions/pendle_yield/redeem_pt \

medium line 1524

Curl to non-GitHub URL

SourceSKILL.md

1524	curl -s -X POST http://localhost:3100/v1/actions/drift_perp/drift_open_position \

medium line 1592

Curl to non-GitHub URL

SourceSKILL.md

1592	curl -s -X POST http://localhost:3100/v1/actions/drift_perp/drift_add_margin \

medium line 1657

Curl to non-GitHub URL

SourceSKILL.md

1657	curl -s -X POST http://localhost:3100/v1/actions/dcent_swap/get_quotes \

medium line 1675

Curl to non-GitHub URL

SourceSKILL.md

1675	curl -s -X POST http://localhost:3100/v1/actions/dcent_swap/dex_swap \

medium line 1733

Curl to non-GitHub URL

SourceSKILL.md

1733	curl -s -X POST http://localhost:3100/v1/actions/across_bridge/quote \

medium line 1744

Curl to non-GitHub URL

SourceSKILL.md

1744	curl -s -X POST http://localhost:3100/v1/actions/across_bridge/execute \

medium line 1755

Curl to non-GitHub URL

SourceSKILL.md

1755	curl -s -X POST http://localhost:3100/v1/actions/across_bridge/status \

medium line 1766

Curl to non-GitHub URL

SourceSKILL.md

1766	curl -s -X POST http://localhost:3100/v1/actions/across_bridge/routes \

medium line 1788

Curl to non-GitHub URL

SourceSKILL.md

1788	curl -s -X POST http://localhost:3100/v1/wallets/${WALLET_ID}/polymarket/setup \

medium line 1827

Curl to non-GitHub URL

SourceSKILL.md

1827	curl -s -X POST http://localhost:3100/v1/actions/polymarket_order/pm_buy \

low line 21

External URL reference

SourceSKILL.md

21	http://localhost:3100

low line 45

External URL reference

SourceSKILL.md

45	curl -s -X POST http://localhost:3100/v1/actions/jupiter_swap/swap \

low line 82

External URL reference

SourceSKILL.md

82	curl -s http://localhost:3100/v1/actions/providers \

low line 178

External URL reference

SourceSKILL.md

178	curl -s -X POST http://localhost:3100/v1/actions/jupiter_swap/swap \

low line 237

External URL reference

SourceSKILL.md

237	\| API Base URL \| `WAIAAS_ACTIONS_JUPITER_SWAP_API_BASE_URL` \| `https://api.jup.ag/swap/v1` \| Jupiter API endpoint \|

low line 276

External URL reference

SourceSKILL.md

276	curl -s -X POST http://localhost:3100/v1/actions/jupiter_swap/swap \

low line 304

External URL reference

SourceSKILL.md

304	const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' });

low line 320

External URL reference

SourceSKILL.md

320	async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client:

low line 331

External URL reference

SourceSKILL.md

331	The 0x Swap provider uses the [0x Swap API v2](https://0x.org/docs/api#tag/Swap) with the AllowanceHolder approval flow to aggregate liquidity across EVM DEXs. It supports 20 EVM chains.

low line 335

External URL reference

SourceSKILL.md

335	Enable 0x Swap via Admin UI > DeFi (`#/defi`) > 0x Swap. A 0x API key is required (`requiresApiKey: true`). Get a free key at [0x Dashboard](https://dashboard.0x.org/).

low line 404

External URL reference

SourceSKILL.md

404	curl -s -X POST http://localhost:3100/v1/actions/zerox_swap/swap \

low line 434

External URL reference

SourceSKILL.md

434	const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' });

low line 451

External URL reference

SourceSKILL.md

451	async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client:

low line 465

External URL reference

SourceSKILL.md

465	curl -s -X POST http://localhost:3100/v1/actions/zerox_swap/swap \

low line 492

External URL reference

SourceSKILL.md

492	\| API Base URL \| `WAIAAS_ACTIONS_LIFI_API_BASE_URL` \| `https://li.quest/v1` \| LI.FI API endpoint \|

low line 562

External URL reference

SourceSKILL.md

562	curl -s -X POST http://localhost:3100/v1/actions/lifi/bridge \

low line 594

External URL reference

SourceSKILL.md

594	const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' });

low line 613

External URL reference

SourceSKILL.md

613	async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client:

low line 630

External URL reference

SourceSKILL.md

630	curl -s -X POST http://localhost:3100/v1/actions/lifi/cross_swap \

low line 662

External URL reference

SourceSKILL.md

662	const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' });

low line 681

External URL reference

SourceSKILL.md

681	async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client:

low line 695

External URL reference

SourceSKILL.md

695	The Lido Staking provider uses the [Lido Protocol](https://lido.fi/) to stake ETH and receive stETH (liquid staking token). Unstaking requests ETH withdrawal via the Lido Withdrawal Queue. Lido operat

low line 751

External URL reference

SourceSKILL.md

751	curl -s -X POST http://localhost:3100/v1/actions/lido_staking/stake \

low line 773

External URL reference

SourceSKILL.md

773	const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' });

low line 786

External URL reference

SourceSKILL.md

786	async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client:

low line 797

External URL reference

SourceSKILL.md

797	curl -s -X POST http://localhost:3100/v1/actions/lido_staking/unstake \

low line 834

External URL reference

SourceSKILL.md

834	The Jito Staking provider uses the [Jito Stake Pool](https://www.jito.network/) to stake SOL and receive JitoSOL (liquid staking token). Unstaking burns JitoSOL to withdraw SOL with epoch boundary del

low line 890

External URL reference

SourceSKILL.md

890	curl -s -X POST http://localhost:3100/v1/actions/jito_staking/stake \

low line 910

External URL reference

SourceSKILL.md

910	const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' });

low line 922

External URL reference

SourceSKILL.md

922	async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client:

low line 933

External URL reference

SourceSKILL.md

933	curl -s -X POST http://localhost:3100/v1/actions/jito_staking/unstake \

low line 967

External URL reference

SourceSKILL.md

967	The Aave V3 Lending provider uses the [Aave Protocol V3](https://aave.com/) to supply collateral, borrow assets, repay debt, and withdraw collateral on EVM chains. It supports multi-chain deployment a

low line 1045

External URL reference

SourceSKILL.md

1045	curl -s -X POST http://localhost:3100/v1/actions/aave_v3/aave_supply \

low line 1073

External URL reference

SourceSKILL.md

1073	const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', sessionToken: 'wai_sess_...' });

low line 1089

External URL reference

SourceSKILL.md

1089	async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client:

low line 1101

External URL reference

SourceSKILL.md

1101	curl -s -X POST http://localhost:3100/v1/actions/aave_v3/aave_borrow \

low line 1135

External URL reference

SourceSKILL.md

1135	The Kamino Lending provider uses the [Kamino K-Lend](https://kamino.finance/) protocol to supply collateral, borrow assets, repay debt, and withdraw collateral on Solana. It uses the @kamino-finance/k

low line 1200

External URL reference

SourceSKILL.md

1200	curl -s -X POST http://localhost:3100/v1/actions/kamino/kamino_supply \

low line 1246

External URL reference

SourceSKILL.md

1246	The Pendle Yield Trading provider uses the [Pendle Finance](https://pendle.finance/) protocol to buy/sell Principal Tokens (PT) and Yield Tokens (YT), redeem matured PT, and manage LP positions on EVM

low line 1257

External URL reference

SourceSKILL.md

1257	\| API Base URL \| `WAIAAS_ACTIONS_PENDLE_YIELD_API_BASE_URL` \| `https://api-v2.pendle.finance` \| Pendle API v2 base URL \|

low line 1346

External URL reference

SourceSKILL.md

1346	curl -s -X POST http://localhost:3100/v1/actions/pendle_yield/buy_pt \

low line 1376

External URL reference

SourceSKILL.md

1376	const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' });

low line 1393

External URL reference

SourceSKILL.md

1393	async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client:

low line 1406

External URL reference

SourceSKILL.md

1406	curl -s -X POST http://localhost:3100/v1/actions/pendle_yield/redeem_pt \

low line 1439

External URL reference

SourceSKILL.md

1439	The Drift Perp Trading provider uses the [Drift Protocol V2](https://drift.trade/) to open, close, and modify leveraged perpetual futures positions on Solana. It supports LONG/SHORT positions with mar

low line 1524

External URL reference

SourceSKILL.md

1524	curl -s -X POST http://localhost:3100/v1/actions/drift_perp/drift_open_position \

low line 1558

External URL reference

SourceSKILL.md

1558	const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' });

low line 1577

External URL reference

SourceSKILL.md

1577	async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client:

low line 1592

External URL reference

SourceSKILL.md

1592	curl -s -X POST http://localhost:3100/v1/actions/drift_perp/drift_add_margin \

low line 1649

External URL reference

SourceSKILL.md

1649	\| `actions.dcent_swap_api_url` \| `https://agent-swap.dcentwallet.com` \| D'CENT Swap API base URL \|

low line 1657

External URL reference

SourceSKILL.md

1657	curl -s -X POST http://localhost:3100/v1/actions/dcent_swap/get_quotes \

low line 1675

External URL reference

SourceSKILL.md

1675	curl -s -X POST http://localhost:3100/v1/actions/dcent_swap/dex_swap \

low line 1721

External URL reference

SourceSKILL.md

1721	\| `actions.across_bridge_api_base_url` \| `https://app.across.to/api` \| API base URL \|

low line 1733

External URL reference

SourceSKILL.md

1733	curl -s -X POST http://localhost:3100/v1/actions/across_bridge/quote \

low line 1744

External URL reference

SourceSKILL.md

1744	curl -s -X POST http://localhost:3100/v1/actions/across_bridge/execute \

low line 1755

External URL reference

SourceSKILL.md

1755	curl -s -X POST http://localhost:3100/v1/actions/across_bridge/status \

low line 1766

External URL reference

SourceSKILL.md

1766	curl -s -X POST http://localhost:3100/v1/actions/across_bridge/routes \

low line 1788

External URL reference

SourceSKILL.md

1788	curl -s -X POST http://localhost:3100/v1/wallets/${WALLET_ID}/polymarket/setup \

low line 1827

External URL reference

SourceSKILL.md

1827	curl -s -X POST http://localhost:3100/v1/actions/polymarket_order/pm_buy \

Scanned on May 13, 2026

View Security Dashboard

Installation guide →

GitHub Stars 12

Rate this skill

Categorymarketing

UpdatedMay 13, 2026

frontend stripe docx api database testing devops mobile backend growth-marketer product-marketer business-development data-analyst marketing-analyst marketing sales data analytics

minhoyoo-iotrust/WAIaaS