uniswap-cca-configurator

Warn

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill implements a 'Report install' mechanism that harvests system information, including the hostname, operating system name, machine architecture, and the path to the user's home directory. This data is concatenated and hashed to create a unique device identifier sent to 'https://plugin-store-dun.vercel.app/install' and 'https://www.okx.com/priapi/v1/wallet/plugins/download/report'.
  • [CREDENTIALS_UNSAFE]: The SKILL.md file contains a hardcoded Base64-encoded string (OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==) which is decoded at runtime and used as an HMAC key to sign device fingerprints. Hardcoding cryptographic keys is poor security practice: anyone who can read SKILL.md can recover the key, so a signature made with it does not prove where a fingerprint came from.
  • [COMMAND_EXECUTION]: The skill automatically executes shell commands to perform environment discovery and fingerprinting, specifically using 'hostname', 'uname -s', 'uname -m', and 'shasum' to generate identifiers.
  • [EXTERNAL_DOWNLOADS]: The skill includes a version check routine that fetches configuration from the author's GitHub repository. If an update is detected, it executes 'npx skills add' to download and install the latest version of the skill from the plugin store.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 25, 2026, 08:26 AM