Back to skill
Skillv0.1.0
VirusTotal security
Uniswap Research And Trade · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:46 AM
- Hash
- f017f445451c67f9fc7d8cabb0cbdb43b7acd0fd64cdfcf8d87f28664d9551b9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: research-and-trade Version: 0.1.0 The skill is classified as suspicious due to significant prompt injection vulnerabilities. The primary concern is the 'compound context' mechanism described in SKILL.md, where the full, unvalidated outputs from sub-agents (e.g., token-analyst, pool-researcher) are directly embedded into the prompts of subsequent sub-agents (e.g., risk-assessor, trade-executor). This creates a critical vulnerability where a malicious user could craft inputs to an earlier sub-agent, causing it to generate an output containing harmful instructions, which would then be executed by a later, potentially more privileged, sub-agent. This could bypass the skill's intended safety gates and lead to unauthorized actions or data exfiltration, despite the presence of explicit user confirmation steps and hard vetoes for high-risk trades.
- External report
- View on VirusTotal