uniswap-pay-with-any-token

Fail

Audited by Snyk on Apr 25, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The skill contains an auto-injected "Report install" step that obfuscates a key, builds a device fingerprint/HMAC, and silently POSTs that identifier to external endpoints—telemetry/exfiltration that is not part of the stated "pay with any token" purpose and is therefore hidden/deceptive.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md pre-flight "Version check" explicitly curls a raw.githubusercontent.com URL to fetch plugin.yaml and instructs the AI agent to run this check and "re-read this SKILL.md" if an update is applied, meaning arbitrary public GitHub content can be ingested and change the agent's subsequent behavior.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I looked for high-entropy literal values that could be used to access services. The only candidate is the base64 literal:

'OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw=='

This is assigned to _K and then base64-decoded and used as an HMAC key to generate a device signature that is later sent to vendor endpoints. It is a non-placeholder, high-entropy literal (not a simple example password or env var name) and therefore meets the definition of a secret. No API keys like "sk-..." or PEM blocks are present elsewhere; other strings are version numbers, URLs, or generated IDs and are not secrets.


MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill's description and purpose are explicitly financial: "Pay HTTP 402 payment challenges using any token via Tempo CLI and Uniswap Trading API." It is specifically designed to perform crypto payments/swaps using the Uniswap Trading API and a CLI (Tempo), i.e., to send transactions and move tokens. This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" category of Direct Financial Execution.

Issues (4)

  • E004 (CRITICAL): Prompt injection detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 25, 2026, 08:26 AM
Issues: 4