Uniswap Build Hook

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Uniswap V4 smart-contract development helper with normal code-generation risks but no evidence of hidden, destructive, or malicious behavior.

Install this only in a development workspace where you are comfortable letting an agent create or edit Solidity, test, and deployment files. Review diffs before committing, verify any npm dependencies and git actions, and check the Foundry install command source before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly says it returns production-ready code artifacts written directly to the project, but it does not prominently warn the user up front that invoking it will modify repository files. In an agent setting, silent or insufficiently disclosed write behavior can lead to unintended source changes, overwriting work, or committing unreviewed code into a sensitive codebase.

VirusTotal

66/66 vendors flagged this skill as clean.
