Uniswap Bridge Tokens

Security checks across malware telemetry and agentic risk

Overview

This skill is built for legitimate cross-chain token bridging, but it can hand off a high-impact fund-moving workflow without clearly requiring explicit user approval first.

Review carefully before installing if you will connect a wallet or authorize transactions. Only use it when you want an agent to prepare cross-chain transfers, and require every transaction to show token, amount, source chain, destination chain, recipient, route, fees, and final approval before signing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger examples include broad phrases such as 'Send tokens to another chain' and 'Bridge tokens' without requiring stronger bridge-specific context or explicit parameter confirmation. In an agent-routing setting, this can cause the skill to activate on ambiguous transfer requests and initiate a high-risk financial workflow when the user may not have intended a cross-chain bridge.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal