sanctum

Integrates with Sanctum SDK for liquid staking and LST swaps on Solana, enabling seamless DeFi operations and liquidity management.

Install this skill

or

46/100

Security score

The sanctum skill was audited on Jun 13, 2026 and we found 18 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 40

Template literal with variable interpolation in command context

SourceSKILL.md

40	`${SANCTUM_API_BASE}/lsts?apiKey=${API_KEY}`

medium line 245

Template literal with variable interpolation in command context

SourceSKILL.md

245	`${this.baseUrl}/lsts?apiKey=${this.apiKey}`

medium line 253

Template literal with variable interpolation in command context

SourceSKILL.md

253	`${this.baseUrl}/lsts/${mintOrSymbol}?apiKey=${this.apiKey}`

medium line 267

Template literal with variable interpolation in command context

SourceSKILL.md

267	const url = new URL(`${this.baseUrl}/swap/token/order`);

medium line 293

Template literal with variable interpolation in command context

SourceSKILL.md

293	const response = await fetch(`${this.baseUrl}/swap/token/execute`, {

medium line 336

Template literal with variable interpolation in command context

SourceSKILL.md

336	console.log(`Found ${lsts.length} LSTs`);

medium line 340

Template literal with variable interpolation in command context

SourceSKILL.md

340	console.log(`INF APY: ${inf.apy}%`);

medium line 529

Template literal with variable interpolation in command context

SourceSKILL.md

529	const url = new URL(`${sanctum.baseUrl}/swap/withdrawStake/order`);

medium line 567

Template literal with variable interpolation in command context

SourceSKILL.md

567	`${sanctum.baseUrl}/lsts/${lstMint}/apys?apiKey=${sanctum.apiKey}&limit=${limit}`

low line 288

Buffer.from base64 decode

SourceSKILL.md

288	const txBuffer = Buffer.from(orderResponse.tx, 'base64');

low line 31

External URL reference

SourceSKILL.md

31	const SANCTUM_API_BASE = 'https://sanctum-api.ironforge.network';

low line 115

External URL reference

SourceSKILL.md

115	https://sanctum-api.ironforge.network

low line 234

External URL reference

SourceSKILL.md

234	private baseUrl = 'https://sanctum-api.ironforge.network';

low line 331

External URL reference

SourceSKILL.md

331	const connection = new Connection('https://api.mainnet-beta.solana.com');

low line 652

External URL reference

SourceSKILL.md

652	- [Sanctum App](https://app.sanctum.so/)

low line 653

External URL reference

SourceSKILL.md

653	- [Sanctum Docs](https://learn.sanctum.so/docs)

low line 654

External URL reference

SourceSKILL.md

654	- [API Documentation](https://learn.sanctum.so/docs/for-developers/sanctum-api)

low line 656

External URL reference

SourceSKILL.md

656	- [Discord](https://discord.gg/sanctum)

Scanned on Jun 13, 2026

View Security Dashboard

Installation guide →

Rate this skill

Categorymarketing

UpdatedJune 15, 2026

openclaw api backend growth-marketer product-marketer data-analyst backend-developer financial-analyst marketing data analytics development finance accounting

dattb-birdeye/skills