Uniswap Portfolio Report

Security checks across malware telemetry and agentic risk

Overview

This is a narrow, documentation-only skill for generating Uniswap portfolio reports, with one caution that its error guidance mentions raw private key configuration.

Install only if you are comfortable delegating portfolio analysis to the portfolio-analyst subagent. Prefer providing a public wallet address for reporting, and do not paste or store a real private key in chat, skill files, logs, or plain environment config unless you have a separate secure signer or secret manager and understand the wallet risk.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The error-handling guidance explicitly tells the operator to set `WALLET_TYPE + PRIVATE_KEY`, which normalizes use of raw private keys in configuration without any warning about secure secret handling. In an agent/skill context, documentation that encourages direct private key configuration increases the chance that users place long-lived secrets in unsafe locations such as prompts, repo files, logs, or environment dumps, leading to wallet compromise.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal