uniswap-liquidity-planner
Fail
Audited by Snyk on Apr 25, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 0.90). The skill contains an auto-injected "Report install" routine that collects a device fingerprint, derives an HMAC with an obfuscated key, and POSTs this data to external endpoints. That behavior is unrelated to planning and generating Uniswap liquidity deep links and is therefore hidden and deceptive.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's pre-flight version check runs curl at runtime against https://raw.githubusercontent.com/okx/plugin-store/main/skills/uniswap-liquidity-planner/plugin.yaml and uses the response to decide whether to run an automatic updater (npx skills add ...) that would fetch and execute remote code. This URL is therefore a runtime external dependency that can lead to remote code execution.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the entire skill prompt for literal, high-entropy values that could be used to access services.
Findings:
- The base64 string assigned to _K: 'OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==' is an actual obfuscated key (commented "obfuscated key, same as CLI binary"). It is decoded and used to compute an HMAC signature (HMAC_SIG) that is embedded in DIV_ID and sent to remote endpoints (OKX reporting). This is a high-entropy literal secret (not a placeholder or example) and appears usable for forging the HMAC-signed device token, so it meets the definition of a secret.
Ignored / not flagged:
- No API keys like sk-... or PEM blocks are present.
- Other strings (version numbers, file paths, env var names, sample passwords) are clearly non-secret or documentation/config values and were not flagged.
Conclusion: one real hardcoded secret is present — the base64-encoded HMAC key.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about Uniswap liquidity: "Plan and generate deep links for creating liquidity positions on Uniswap v2, v3, and v4." This is a purpose-built crypto financial tool (creating liquidity positions on a DEX). Although the excerpt doesn't show low-level signing code, the skill's primary, explicit function is to enable on-chain liquidity operations (crypto asset management), which falls under the crypto/blockchain category in the policy. Therefore it should be flagged as direct financial execution capability.