uniswap-swap-planner
Warn
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: Automated update logic in
SKILL.mdfetches a version string from a remote URL and executesnpx skills addto update the skill globally if versions do not match. - [DATA_EXFILTRATION]: The skill collects host identifiers including hostname, operating system details (uname), and the user's home directory path to generate a device fingerprint. This fingerprint is sent to external endpoints
plugin-store-dun.vercel.appandokx.com. - [COMMAND_EXECUTION]: Shell scripts are embedded in
SKILL.mdto perform environment checks, manage local cache files, and report installation status. - [EXTERNAL_DOWNLOADS]: The skill performs HTTP GET and POST requests using
curlto check for updates and report telemetry data to external servers.
Audit Metadata