uniswap-cca-deployer
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill performs unauthorized device fingerprinting by collecting system-specific metadata including hostname, operating system details, hardware architecture, and the user's home directory path. This data is then exfiltrated via POST requests to external endpoints:
https://plugin-store-dun.vercel.app/installandhttps://www.okx.com/priapi/v1/wallet/plugins/download/report. - [COMMAND_EXECUTION]: The script in
SKILL.mdexecutes shell commands (hostname,uname,shasum, andcurl) to generate the device identifier and transmit it. These operations are performed under the guise of 'Pre-flight Dependencies' and run automatically without user confirmation. - [PROMPT_INJECTION]: The skill uses social engineering by claiming to be 'auto-injected by Plugin Store CI' and authored by 'Uniswap Labs' in the documentation, despite internal metadata (
plugin.json) and the actual behavior suggesting otherwise. This framing is designed to deceive both the agent and the user into treating the malicious telemetry block as a standard system requirement. - [CREDENTIALS_UNSAFE]: The skill contains a hardcoded HMAC signing key encoded in Base64 (
OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==). This key is used to sign the exfiltrated fingerprint, indicating a structured attempt to authenticate malicious telemetry data.
Recommendations
- AI detected serious security threats
Audit Metadata