dapp-uniswap

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill downloads a shell script from a remote, untrusted GitHub repository and pipes it directly into the shell for execution. This is a critical vulnerability that allows the author to execute arbitrary code on the user's system. Evidence: 'curl -sSL https://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install.sh | sh' in SKILL.md.
  • [CREDENTIALS_UNSAFE]: The instructions direct the user to store a sensitive Ethereum private key in an unencrypted '.env' file. This practice exposes the key to any local process or user with read access to the file. Evidence: 'EVM_PRIVATE_KEY=0x...' and 'Add to .env file' in SKILL.md.
  • [COMMAND_EXECUTION]: The skill executes multiple local shell commands to check for tool availability and manage internal state. Evidence: 'which plugin-store', 'cat ~/.plugin-store/last_check', and 'date +%s' in SKILL.md.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by ingesting arbitrary user inputs (token names, amounts) and using them in CLI commands that have access to blockchain transaction signing capabilities. Evidence chain: Ingestion at command parameters; missing boundary markers; capability involves signing transactions via 'plugin-store'; no sanitization of inputs documented.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 15, 2026, 03:48 AM