QuickSwap V3 DEX
Audited by Snyk on Jun 16, 2026
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The set mixes legitimate blockchain endpoints (polygonscan, thegraph, polygon.publicnode.com, GitHub/okx) with direct downloads of prebuilt plugin binaries and install scripts served from a personal GitHub (skylavis-sky) — direct executable releases from an unvetted user plus install scripts are a common malware distribution vector even if some checksum checks are present.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime workflow includes fetching and executing installer scripts from GitHub (e.g.,
curl ... raw.githubusercontent.com/.../install.shin SKILL.md), which is outsider-authored free text (shell script) that can be injected into the agent’s context via the fetched content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The pre-flight install step fetches and then executes a remote installer script from raw.githubusercontent.com (https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh) — and the SKILL.md install commands also download plugin binaries from GitHub releases (https://github.com/skylavis-sky/plugin-store/releases/download/quickswap-plugin-v${LOCAL_VER}/quickswap-plugin-linux-x86_64), so remote content is fetched at runtime and executed as a required dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain cryptocurrency operations and can broadcast transactions that move user funds. It integrates with onchainos wallet commands (wallet login, addresses, balance) and provides a
quickswap-plugin swapcommand which, when run with--confirm, executes up to three on-chain transactions (wrap → approve → swap) on Polygon via the SwapRouter and returns an explorer TX link. It also documents automatic wrapping of native MATIC and approving the router. These are concrete crypto/blockchain transaction and signing actions (not generic tooling), so the skill grants direct financial execution capability.
MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
- Hidden Unicode characters detected (1 type(s) found)
Issues (5)
Suspicious download URL detected in skill instructions.
Third-party content exposure detected (indirect prompt injection risk).
Unverifiable external dependency detected (runtime URL that controls agent).
Direct money access capability detected (payment gateways, crypto, banking).
Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).