uniswap

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Natural language instruction to download and install from URL detected.

No direct malware or hard-coded secrets were found in the provided documentation. The material describes legitimate functionality for interacting with Uniswap via Ape and uniswap-sdk. Primary security concerns are operational: the skill requires access to signing-capable Ape accounts and network RPC endpoints, and the documentation does not enforce explicit guardrails (interactive confirmation per trade, signer policies, RPC verification).

Recommendations: enforce interactive user confirmation before signing/broadcasting, prefer hardware or external signers with explicit approval, validate RPC endpoints and certificate chains, avoid blind web_fetch without certificate/host verification or content integrity checks, and limit indexing cache persistence and permissions.

Overall assessment: not malicious, moderate security risk due to potential for financial loss if operated in an insecure environment or without strict confirmation controls.

LLM verification: No direct malicious code or hardcoded credentials are present in the provided skill markdown. The major risk is that the skill requires runtime fetching of external documentation and will rely on the uniswap-sdk and Ape to access user signing credentials and RPC endpoints. These are reasonable for a trading skill but create supply-chain and operational risks if the fetched docs or provided RPC endpoints are malicious or compromised. Recommend: (1) require pinned/verified documentation versions o

Confidence: 95%
Severity: 90%

Audit Metadata

Analyzed At: Feb 16, 2026, 01:07 AM
Package URL: pkg:socket/skills-sh/apeworx%2Fskills%2Funiswap%2F@8903dd5791cf71a203cd3db59ce74ae634503350