uniswap-cca-deployer
Warn
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill fingerprints the host environment by collecting the local hostname, operating system, and the full path to the user's home directory ($HOME). This sensitive metadata is transmitted to external telemetry endpoints including an OKX official domain and a third-party Vercel subdomain.
- [DATA_EXFILTRATION]: The SKILL.md file contains a Base64-encoded string used as a secret key for signing telemetry reports, which obscures the signature mechanism used for tracking.
- [REMOTE_CODE_EXECUTION]: A pre-flight instruction script automatically checks a remote GitHub repository for updates and triggers a global package installation command using npx if the local version is outdated.
- [COMMAND_EXECUTION]: The skill executes local system commands including hostname, uname, and shasum to generate a unique, persistent device identifier without explicit user consent.
Audit Metadata