WAIaaS Actions
Facilitates DeFi actions through a structured transaction pipeline, enabling seamless execution of swaps, staking, and cross-chain operations.
Install this skill
or
0/100
Security score
The WAIaaS Actions skill was audited on Mar 5, 2026 and we found 66 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 48
Curl to non-GitHub URL
SourceSKILL.md
| 48 | curl -s http://localhost:3100/v1/actions/providers \ |
medium line 144
Curl to non-GitHub URL
SourceSKILL.md
| 144 | curl -s -X POST http://localhost:3100/v1/actions/jupiter_swap/swap \ |
medium line 242
Curl to non-GitHub URL
SourceSKILL.md
| 242 | curl -s -X POST http://localhost:3100/v1/actions/jupiter_swap/swap \ |
medium line 370
Curl to non-GitHub URL
SourceSKILL.md
| 370 | curl -s -X POST http://localhost:3100/v1/actions/zerox_swap/swap \ |
medium line 431
Curl to non-GitHub URL
SourceSKILL.md
| 431 | curl -s -X POST http://localhost:3100/v1/actions/zerox_swap/swap \ |
medium line 528
Curl to non-GitHub URL
SourceSKILL.md
| 528 | curl -s -X POST http://localhost:3100/v1/actions/lifi/bridge \ |
medium line 596
Curl to non-GitHub URL
SourceSKILL.md
| 596 | curl -s -X POST http://localhost:3100/v1/actions/lifi/cross_swap \ |
medium line 717
Curl to non-GitHub URL
SourceSKILL.md
| 717 | curl -s -X POST http://localhost:3100/v1/actions/lido_staking/stake \ |
medium line 763
Curl to non-GitHub URL
SourceSKILL.md
| 763 | curl -s -X POST http://localhost:3100/v1/actions/lido_staking/unstake \ |
medium line 856
Curl to non-GitHub URL
SourceSKILL.md
| 856 | curl -s -X POST http://localhost:3100/v1/actions/jito_staking/stake \ |
medium line 899
Curl to non-GitHub URL
SourceSKILL.md
| 899 | curl -s -X POST http://localhost:3100/v1/actions/jito_staking/unstake \ |
medium line 1011
Curl to non-GitHub URL
SourceSKILL.md
| 1011 | curl -s -X POST http://localhost:3100/v1/actions/aave_v3/aave_supply \ |
medium line 1067
Curl to non-GitHub URL
SourceSKILL.md
| 1067 | curl -s -X POST http://localhost:3100/v1/actions/aave_v3/aave_borrow \ |
medium line 1166
Curl to non-GitHub URL
SourceSKILL.md
| 1166 | curl -s -X POST http://localhost:3100/v1/actions/kamino/kamino_supply \ |
medium line 1312
Curl to non-GitHub URL
SourceSKILL.md
| 1312 | curl -s -X POST http://localhost:3100/v1/actions/pendle_yield/buy_pt \ |
medium line 1372
Curl to non-GitHub URL
SourceSKILL.md
| 1372 | curl -s -X POST http://localhost:3100/v1/actions/pendle_yield/redeem_pt \ |
medium line 1490
Curl to non-GitHub URL
SourceSKILL.md
| 1490 | curl -s -X POST http://localhost:3100/v1/actions/drift_perp/drift_open_position \ |
medium line 1558
Curl to non-GitHub URL
SourceSKILL.md
| 1558 | curl -s -X POST http://localhost:3100/v1/actions/drift_perp/drift_add_margin \ |
low line 21
External URL reference
SourceSKILL.md
| 21 | http://localhost:3100 |
low line 48
External URL reference
SourceSKILL.md
| 48 | curl -s http://localhost:3100/v1/actions/providers \ |
low line 144
External URL reference
SourceSKILL.md
| 144 | curl -s -X POST http://localhost:3100/v1/actions/jupiter_swap/swap \ |
low line 203
External URL reference
SourceSKILL.md
| 203 | | API Base URL | `WAIAAS_ACTIONS_JUPITER_SWAP_API_BASE_URL` | `https://api.jup.ag/swap/v1` | Jupiter API endpoint | |
low line 242
External URL reference
SourceSKILL.md
| 242 | curl -s -X POST http://localhost:3100/v1/actions/jupiter_swap/swap \ |
low line 270
External URL reference
SourceSKILL.md
| 270 | const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' }); |
low line 286
External URL reference
SourceSKILL.md
| 286 | async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client: |
low line 297
External URL reference
SourceSKILL.md
| 297 | The 0x Swap provider uses the [0x Swap API v2](https://0x.org/docs/api#tag/Swap) with the AllowanceHolder approval flow to aggregate liquidity across EVM DEXs. It supports 20 EVM chains. |
low line 301
External URL reference
SourceSKILL.md
| 301 | Enable 0x Swap via **Admin UI > Settings > Actions > 0x Swap**. A 0x API key is **required** (`requiresApiKey: true`). Get a free key at [0x Dashboard](https://dashboard.0x.org/). |
low line 370
External URL reference
SourceSKILL.md
| 370 | curl -s -X POST http://localhost:3100/v1/actions/zerox_swap/swap \ |
low line 400
External URL reference
SourceSKILL.md
| 400 | const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' }); |
low line 417
External URL reference
SourceSKILL.md
| 417 | async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client: |
low line 431
External URL reference
SourceSKILL.md
| 431 | curl -s -X POST http://localhost:3100/v1/actions/zerox_swap/swap \ |
low line 458
External URL reference
SourceSKILL.md
| 458 | | API Base URL | `WAIAAS_ACTIONS_LIFI_API_BASE_URL` | `https://li.quest/v1` | LI.FI API endpoint | |
low line 528
External URL reference
SourceSKILL.md
| 528 | curl -s -X POST http://localhost:3100/v1/actions/lifi/bridge \ |
low line 560
External URL reference
SourceSKILL.md
| 560 | const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' }); |
low line 579
External URL reference
SourceSKILL.md
| 579 | async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client: |
low line 596
External URL reference
SourceSKILL.md
| 596 | curl -s -X POST http://localhost:3100/v1/actions/lifi/cross_swap \ |
low line 628
External URL reference
SourceSKILL.md
| 628 | const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' }); |
low line 647
External URL reference
SourceSKILL.md
| 647 | async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client: |
low line 661
External URL reference
SourceSKILL.md
| 661 | The Lido Staking provider uses the [Lido Protocol](https://lido.fi/) to stake ETH and receive stETH (liquid staking token). Unstaking requests ETH withdrawal via the Lido Withdrawal Queue. Lido operat |
low line 717
External URL reference
SourceSKILL.md
| 717 | curl -s -X POST http://localhost:3100/v1/actions/lido_staking/stake \ |
low line 739
External URL reference
SourceSKILL.md
| 739 | const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' }); |
low line 752
External URL reference
SourceSKILL.md
| 752 | async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client: |
low line 763
External URL reference
SourceSKILL.md
| 763 | curl -s -X POST http://localhost:3100/v1/actions/lido_staking/unstake \ |
low line 800
External URL reference
SourceSKILL.md
| 800 | The Jito Staking provider uses the [Jito Stake Pool](https://www.jito.network/) to stake SOL and receive JitoSOL (liquid staking token). Unstaking burns JitoSOL to withdraw SOL with epoch boundary del |
low line 856
External URL reference
SourceSKILL.md
| 856 | curl -s -X POST http://localhost:3100/v1/actions/jito_staking/stake \ |
low line 876
External URL reference
SourceSKILL.md
| 876 | const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' }); |
low line 888
External URL reference
SourceSKILL.md
| 888 | async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client: |
low line 899
External URL reference
SourceSKILL.md
| 899 | curl -s -X POST http://localhost:3100/v1/actions/jito_staking/unstake \ |
low line 933
External URL reference
SourceSKILL.md
| 933 | The Aave V3 Lending provider uses the [Aave Protocol V3](https://aave.com/) to supply collateral, borrow assets, repay debt, and withdraw collateral on EVM chains. It supports multi-chain deployment a |
low line 1011
External URL reference
SourceSKILL.md
| 1011 | curl -s -X POST http://localhost:3100/v1/actions/aave_v3/aave_supply \ |
low line 1039
External URL reference
SourceSKILL.md
| 1039 | const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', sessionToken: 'wai_sess_...' }); |
low line 1055
External URL reference
SourceSKILL.md
| 1055 | async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client: |
low line 1067
External URL reference
SourceSKILL.md
| 1067 | curl -s -X POST http://localhost:3100/v1/actions/aave_v3/aave_borrow \ |
low line 1101
External URL reference
SourceSKILL.md
| 1101 | The Kamino Lending provider uses the [Kamino K-Lend](https://kamino.finance/) protocol to supply collateral, borrow assets, repay debt, and withdraw collateral on Solana. It uses the @kamino-finance/k |
low line 1166
External URL reference
SourceSKILL.md
| 1166 | curl -s -X POST http://localhost:3100/v1/actions/kamino/kamino_supply \ |
low line 1212
External URL reference
SourceSKILL.md
| 1212 | The Pendle Yield Trading provider uses the [Pendle Finance](https://pendle.finance/) protocol to buy/sell Principal Tokens (PT) and Yield Tokens (YT), redeem matured PT, and manage LP positions on EVM |
low line 1223
External URL reference
SourceSKILL.md
| 1223 | | API Base URL | `WAIAAS_ACTIONS_PENDLE_YIELD_API_BASE_URL` | `https://api-v2.pendle.finance` | Pendle API v2 base URL | |
low line 1312
External URL reference
SourceSKILL.md
| 1312 | curl -s -X POST http://localhost:3100/v1/actions/pendle_yield/buy_pt \ |
low line 1342
External URL reference
SourceSKILL.md
| 1342 | const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' }); |
low line 1359
External URL reference
SourceSKILL.md
| 1359 | async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client: |
low line 1372
External URL reference
SourceSKILL.md
| 1372 | curl -s -X POST http://localhost:3100/v1/actions/pendle_yield/redeem_pt \ |
low line 1405
External URL reference
SourceSKILL.md
| 1405 | The Drift Perp Trading provider uses the [Drift Protocol V2](https://drift.trade/) to open, close, and modify leveraged perpetual futures positions on Solana. It supports LONG/SHORT positions with mar |
low line 1490
External URL reference
SourceSKILL.md
| 1490 | curl -s -X POST http://localhost:3100/v1/actions/drift_perp/drift_open_position \ |
low line 1524
External URL reference
SourceSKILL.md
| 1524 | const client = new WAIaaSClient({ baseUrl: 'http://localhost:3100', token: 'wai_sess_...' }); |
low line 1543
External URL reference
SourceSKILL.md
| 1543 | async with WAIaaSClient(base_url="http://localhost:3100", token="wai_sess_...") as client: |
low line 1558
External URL reference
SourceSKILL.md
| 1558 | curl -s -X POST http://localhost:3100/v1/actions/drift_perp/drift_add_margin \ |
Scanned on Mar 5, 2026
View Security DashboardInstall this skill with one command
/learn @minhoyoo-iotrust/waiaas-actionsGitHub Stars 12
Rate this skill
Categorymarketing
UpdatedMarch 29, 2026
openclawapigrowth-marketerproduct-marketerbusiness-developmentdata-analystmarketing-analystmarketingsalesdata analytics
minhoyoo-iotrust/WAIaaS