
from OKX Plugin Store10
Interact with Pendle Finance: preview and execute PT/YT trades, manage liquidity, and mint/redeem PT+YT pairs with mandatory preview and typed confirmation for
Pendle Plugin lets an AI agent browse Pendle markets, preview pricing, and perform tokenized-yield operations. It supports read-only queries (list-markets, get-market, get-positions, get-asset-price) and protected write flows (buy-pt, sell-pt, buy-yt, sell-yt, add-liquidity, remove-liquidity, mint-py, redeem-py). All write operations require an explicit preview step and typed user confirmation before any live on-chain broadcast. The skill includes guidance for pre-flight checks, approval handling, and fallbacks for manual calldata execution.
Use this skill when a user wants to: discover Pendle markets; see implied APY or liquidity; preview a PT/YT purchase or sale; provide or remove liquidity; mint or redeem PT+YT pairs; or execute carefully-gated on-chain operations with clear confirmation steps. Always run the preview mode first (default) and require the typed confirmation flow before any --confirm live execution.
This skill is intended for agents that can run CLI-style binaries and manage on-chain interaction flows (agents with access to shell/command execution and an onchainos integration). It is suitable for Code/CLI-capable assistants that can present previews to users and request typed confirmations before broadcasting transactions.
Pendle Finance DeFi plugin for trading PT/YT tokens, managing liquidity, and minting/redeeming positions. No bundled scripts to execute. The SKILL.md is exceptionally thorough with clear command routing, execution flows, and a well-designed live trading confirmation protocol. Security concerns: the pre-flight dependencies section includes a curl|sh installer pattern and auto-update mechanism via npx, though SHA256 checksum verification is present for binary downloads.
Well-crafted DeFi skill with strong safety protocol (mandatory preview, typed confirmation, bounded session autonomy, price impact warnings). Main security concern is the pre-flight dependency installation section which downloads binaries from GitHub — checksums are verified but the curl|sh pattern and unattended npx installs are risky. The skill itself does not exfiltrate data or instruct agents to bypass safety. Security score of 45 reflects the installation risks, not malicious intent — flagged_malicious remains false since score is above 40.