Uniswap Execute Swap

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for Uniswap trading, but it can move real crypto assets through an autonomous flow without a clear final confirmation step.

Install only if you are comfortable with an agent-assisted crypto trading workflow. Use a limited wallet, review the external MCP server separately, and require a visible quote, route, chain, fees, slippage, and explicit confirmation before any transaction is signed or submitted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 82%
Finding
The activation phrases are extremely broad for a skill that can autonomously trigger real on-chain asset trades. In a financial context, vague matching like 'buy', 'sell', or 'convert' can cause unintended invocation from casual discussion, hypothetical questions, or informational requests, increasing the risk of unauthorized or mistaken transactions.

Missing User Warnings

High
Confidence: 96%
Finding
This skill can perform an autonomous on-chain token swap, yet the description does not clearly warn that use may result in real asset movement. In a crypto trading context, failure to disclose that a natural-language request may execute a live trade materially increases the chance of users triggering irreversible financial transactions without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.
