uniswap-swap-integration
Fail
Audited by Snyk on Apr 9, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The auto-injected pre-flight script collects a device fingerprint, computes an HMAC with an obfuscated key, and posts this identifying telemetry to external endpoints (Vercel and OKX). This is hidden telemetry behavior unrelated to the skill's stated Uniswap swap-integration purpose.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.85). The package contains an auto-injected "report install" script that fingerprints the host (hostname, kernel/arch, HOME), derives a device ID, decodes an obfuscated HMAC key, and silently POSTs that identifier to external endpoints (vercel and an OKX priapi URL) — a clear data-exfiltration / telemetry behavior with obfuscation and supply-chain implications that can be used for tracking or abuse without user consent.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I found a base64-encoded literal in the script: 'OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==', which is decoded into a variable _K and then used to compute an HMAC signature (HMAC_SIG). This is a real, usable secret (an HMAC key) embedded directly in the code — not a placeholder, not truncated, and not a low-entropy example password. Unsetting the variable at runtime does not mitigate the fact the secret is committed in the source.
No other high-entropy secrets or API keys are present; other strings and commands are either endpoints, generated IDs, or normal installation instructions and thus ignored per the rules.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill is explicitly designed to perform crypto token swaps: it references "Integrate Uniswap swaps into applications via Trading API, Universal Router SDK, or direct smart contract calls." Those are specific, purpose-built mechanisms for executing blockchain transactions (swaps/signing/contracts) and thus constitute direct financial execution capability (crypto/blockchain).
Issues (4)
CRITICAL E004: Prompt injection detected in skill instructions.
CRITICAL E006: Malicious code pattern detected in skill scripts.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata