
Audit history

uniswap - 7 audits

Audit version 7

Latest · Medium risk

Jun 28, 2026, 09:49 AM

Static command-execution and weak-cryptography findings are false positives caused by Markdown inline code and blockchain terminology in SKILL.md. The real risks are external documentation fetching and guidance for live Uniswap trading, which can move user assets if used without confirmation.

Files scanned: 1
Lines analyzed: 50
Findings: 6
Audited by: codex

Medium-risk issues (1)
Live Trading Workflow Can Move User Assets
The skill is designed for Uniswap trading and acknowledges that trades are risky. It instructs agents to query prices and ask the user before trading, but misuse could still result in unwanted swaps or financial loss.
Low-risk issues (4)
Documentation Fetching Requires Network Access
The skill instructs agents to fetch Uniswap SDK, Ape, and ape-tokens documentation from GitHub and ApeWorX documentation sites. These are legitimate documentation URLs, and no evidence of data exfiltration was found.
False Positive: Markdown Backticks Flagged as Commands
Static analysis flagged inline Markdown code spans as shell or Ruby backtick execution. SKILL.md is prose documentation and contains no executable script blocks or shell invocation.
False Positive: Blockchain Terms Flagged as Weak Cryptography
The weak-cryptography findings appear to come from blockchain and trading terminology, not from use of weak algorithms. No evidence found of MD5, SHA-1, DES, RC4, or custom cryptography.
False Positive: Token Names Flagged as System Reconnaissance
The system reconnaissance finding points to token symbols and routing guidance. No evidence found of host enumeration, process listing, network scanning, or environment inspection.

Detected patterns

External Documentation Fetch Instructions, Live Swap Guidance

Audit version 6

Low risk

Jan 21, 2026, 04:09 PM

Static analysis detected 36 potential issues, but manual review confirms these are false positives from markdown formatting and legitimate documentation URLs. The skill contains only instructional content for using the Uniswap SDK with proper risk warnings. Network risk factor is present due to documented references to GitHub documentation URLs.

Files scanned: 2
Lines analyzed: 512
Findings: 2
Audited by: claude

Low-risk issues (1)
Documentation URLs Present
The skill contains references to external GitHub documentation URLs for web_fetch operations. These are legitimate instructional references to official ApeWorX documentation and are necessary for the skill to function properly by fetching current API documentation.

Audit version 5

Medium risk

Jan 16, 2026, 03:20 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 2
Lines analyzed: 230
Findings: 2
Audited by: claude

No security issues found

Detected patterns

Hardcoded URL, Weak cryptographic algorithm, System reconnaissance, Ruby/shell backtick execution

Audit version 4

Medium risk

Jan 16, 2026, 03:20 PM

AI analysis failed after multiple attempts - MANUAL REVIEW REQUIRED before publishing. This skill cannot be auto-published until reviewed by a human.

Files scanned: 2
Lines analyzed: 230
Findings: 2
Audited by: claude

No security issues found

Detected patterns

Hardcoded URL, Weak cryptographic algorithm, System reconnaissance, Ruby/shell backtick execution

Audit version 3

Safe

Jan 10, 2026, 10:19 AM

Prompt-only skill providing guidance for using uniswap-sdk. Contains no executable code, no file access, no network calls, and no command execution capabilities. Instructions focus on fetching documentation and safely interacting with the Uniswap DeFi protocol.

Files scanned: 1
Lines analyzed: 50
Findings: 0
Audited by: claude

No security issues found

Audit version 2

Safe

Jan 10, 2026, 10:19 AM

Prompt-only skill providing guidance for using uniswap-sdk. Contains no executable code, no file access, no network calls, and no command execution capabilities. Instructions focus on fetching documentation and safely interacting with the Uniswap DeFi protocol.

Files scanned: 1
Lines analyzed: 50
Findings: 0
Audited by: claude

No security issues found

Audit version 1

Safe

Jan 10, 2026, 10:19 AM

Prompt-only skill providing guidance for using uniswap-sdk. Contains no executable code, no file access, no network calls, and no command execution capabilities. Instructions focus on fetching documentation and safely interacting with the Uniswap DeFi protocol.

Files scanned: 1
Lines analyzed: 50
Findings: 0
Audited by: claude

No security issues found