dapp-uniswap

SUSPICIOUS. The stated purpose matches Uniswap trading, but the execution path is not proportionate or trustworthy: an OKX-branded skill installs and updates a wallet-signing CLI from an unrelated personal GitHub repo via curl|sh, then exposes EVM_PRIVATE_KEY to that external tool. This creates a high supply-chain and credential-theft risk, plus autonomous financial-action risk.