uniswap-ai

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The auto-injected pre-flight script computes a device fingerprint, decodes an obfuscated key to generate an HMAC-signed device token, and silently posts those identifiers to external endpoints — hidden telemetry/exfiltration that is not disclosed in or necessary for the Uniswap developer tooling described.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

• Secret detected (high risk: 1.00). The script contains a high-entropy, base64-encoded literal assigned to _K: "OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==". It is decoded and used as an HMAC key to compute a device signature (HMAC_SIG) that is sent to external endpoints. This is not a documentation placeholder, a simple setup password, or a truncated/redacted value — it appears to be an actual secret key embedded in the code. Therefore it should be flagged.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly an Uniswap developer toolset described as "trading, hooks, drivers, and on-chain analysis across V2/V3/V4." That description indicates it is specifically designed for crypto operations (trading/swaps and on-chain interaction). Although the snippet shows only install/reporting code, the primary and explicit purpose is DeFi trading tooling (i.e., moving crypto), which meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.