Uniswap Assess Risk

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only Uniswap risk checker that delegates analysis to a risk-assessor subagent and does not execute trades or request credentials.

Safe to install if you want a second-opinion risk check for Uniswap or related DeFi operations. Keep prompts specific, verify that the configured risk-assessor subagent is trusted, avoid sharing unnecessary portfolio or account details, and do not rely on an APPROVE result as proof that a trade is risk-free.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The skill description and activation guidance are scoped to 'any proposed Uniswap operation,' but the wording is broad enough that an orchestrator could invoke it for generic safety or trading-risk questions outside that domain. This can cause inappropriate routing and over-trust in a Uniswap-specific risk assessor, leading users to receive misleading risk judgments for unsupported contexts such as non-Uniswap protocols or general financial advice.

Vague Triggers

Low

Confidence: 93% confidence
Finding: The example trigger phrase 'Is this trade safe?' is highly generic and can match many conversations unrelated to Uniswap. If used as an activation cue, it increases the chance of accidental invocation, causing the agent to provide domain-specific risk output where it may lack relevant data or authority.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal