Tempo Stable + Uniswap Swaps

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for Tempo/Uniswap swaps, but it gives an agent live wallet-signing commands with broad token approvals that could move or expose real funds.

Install only if you intentionally want an agent to help with real Tempo mainnet transactions. Use a dedicated low-balance wallet, review every token, amount, spender, recipient, calldata target, gas term, and simulation result before broadcasting, prefer finite approvals, and revoke token or Permit2 allowances after use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill provides live `cast send` commands for transfers, approvals, and swap broadcast using `PRIVATE_KEY`, but does not clearly warn that these are real, irreversible on-chain transactions. In an agent skill context, that omission increases the risk of accidental fund movement, unintended approvals, or execution against mainnet rather than a test/simulated environment.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal