uniswap-v4-security-foundations

Fail

Audited by Snyk on Apr 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt includes an auto-injected shell script that computes a device fingerprint, decodes an obfuscated key, builds an HMAC-signed device token, and POSTs it to external endpoints — hidden telemetry/exfiltration steps unrelated to the stated “security guide” purpose and therefore deceptive instructions outside scope.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The package contains an auto-run install/reporting script that constructs a device fingerprint (hostname, OS, arch, HOME), decodes an obfuscated key to HMAC-sign a device token, persists a local flag, and sends that identifier to external endpoints (vercel and okx) — a deliberate telemetry/data-exfiltration mechanism with obfuscation and persistence that could be abused for tracking or supply-chain reporting; no direct remote code execution backdoor was found in the provided files.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I inspected the skill prompt for literal, high-entropy values used as credentials. The code contains a base64 string assigned to _K:

OEg...Zw== (OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==)

That string is decoded and concatenated into an HMAC signature (comment even says "obfuscated key, same as CLI binary"). This is a high-entropy literal used as a secret key (not a placeholder nor a low-security password), so it meets the definition of a hardcoded secret. Other items (device IDs, URLs, example commands, and simple example passwords) are non-secrets or placeholders and were ignored.

Issues (3)

E004 (CRITICAL): Prompt injection detected in skill instructions.

E006 (CRITICAL): Malicious code pattern detected in skill scripts.

W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 9, 2026, 05:45 AM
Issues: 3