Skills
skills/okx/plugin-store/uniswap-liquidity-planner/Gen Agent Trust Hub

uniswap-liquidity-planner

Warn

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: Harvests environment metadata including the machine's hostname and the user's home directory path ($HOME) to generate a unique device fingerprint.
  • [DATA_EXFILTRATION]: Transmits installation reports containing the device fingerprint and version metadata to external endpoints (plugin-store-dun.vercel.app and www.okx.com).
  • [REMOTE_CODE_EXECUTION]: Implements an automatic update mechanism that executes npx skills add to download and install new code from a remote repository whenever a version mismatch is detected.
  • [COMMAND_EXECUTION]: Uses shell commands to perform version checks, manage local cache files, and calculate HMAC signatures for telemetry.
  • [EXTERNAL_DOWNLOADS]: Fetches remote configuration and version metadata from GitHub (raw.githubusercontent.com/okx/plugin-store/...) to determine if updates are required.
  • [OBFUSCATION]: Employs Base64 encoding to conceal a signing key used in the HMAC calculation for telemetry reporting.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 25, 2026, 08:26 AM