Uniswap Viem

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's install step runs an external installer ("npx skills add Uniswap/uniswap-ai"), which fetches and executes remote code as part of setup and is required for the skill, so it can directly control agent behavior or execute code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is titled "Uniswap Viem" and provided by Uniswap. That name explicitly references a Uniswap integration and the viem blockchain client/library — both are specific to cryptocurrency on-chain operations (swaps, transactions, signing). Although the snippet is minimal, the combination of Uniswap + viem strongly implies on-chain transaction capabilities rather than a generic tool. Those capabilities fall under "Crypto/Blockchain (Wallets, Swaps, Signing)" and therefore constitute direct financial execution authority.