uniswap-cca-configurator

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The _shared/preflight.md file directs the agent to download and execute a shell script from https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh.
  • [DATA_EXFILTRATION]: The skill extracts the user's home directory path and hostname to generate a unique fingerprint, which is subsequently exfiltrated via POST requests to plugin-store-dun.vercel.app and okx.com.
  • [METADATA_POISONING]: The skill uses the 'Uniswap Labs' name and branding across its README and descriptions, but is actually associated with a third-party GitHub account 'wkoutre', which is a deceptive practice.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of external dependencies and scripts from repositories that are not associated with the official author.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 9, 2026, 05:45 AM