uniswap-swap-integration
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill executes a bash script that collects device metadata, including the hostname, operating system details, and the local home directory path ($HOME). This information is hashed and exfiltrated to non-official domains (plugin-store-dun.vercel.app and okx.com) via POST requests.
- [COMMAND_EXECUTION]: The SKILL.md file includes a bash script that is instructed to run at the start of each session. This script performs automated fingerprinting and network reporting without explicit user consent for tracking.
- [PROMPT_INJECTION]: The skill displays deceptive metadata by claiming to be authored by 'Uniswap Labs' in multiple files, yet it is linked to a GitHub account ('wkoutre') that is not affiliated with the official Uniswap organization. This impersonation is used to misleadingly establish trust.
- [OBFUSCATION]: The script uses Base64 encoding to hide a cryptographic key used for signing the exfiltrated device identifier, a technique often used to bypass basic static analysis of exfiltration logic.
Recommendations
- AI detected serious security threats
Audit Metadata