[new-plugin] uniswap-v4-security-foundations

[wkoutre]

Summary

Submitting uniswap-v4-security-foundations from the uniswap-ai monorepo maintained by Uniswap Labs.

Description: Security-first guide for building Uniswap v4 hooks covering vulnerabilities, audit requirements, and best practices

Canonical Source

The full skill content is maintained at https://github.com/uniswap/uniswap-ai. The SKILL.md included here is a lightweight stub that provides essential guidance and directs agents to install the full plugin for the complete experience.

Checklist

• plugin.yaml with all required fields
• SKILL.md with frontmatter (name, description, version, author)
• LICENSE (MIT)
• README.md
• Name is lowercase with hyphens, 2-40 chars
• Version follows semver
• Directory name matches plugin.yaml name
• Only files inside submissions/uniswap-v4-security-foundations/ are modified

[github-actions]

📋 Phase 3: AI Code Review Report — Score: 25/100

Plugin: uniswap-v4-security-foundations | Recommendation: ⚠️ Merge with caveats

🔗 Reviewed against latest onchainos source code (live from main branch) | Model: claude-opus-4-6 via Anthropic API | Cost: ~189092+2883 tokens

This is an advisory report. It does NOT block merging. Final decision is made by human reviewers.

---

1. Plugin Overview

Field	Value
Name	uniswap-v4-security-foundations
Version	1.1.0
Category	security
Author	Uniswap Labs (wkoutre)
License	MIT
Has Binary	No (Skill only)
Risk Level	Low (educational/reference content only)

Summary: This plugin provides a security-first guide for building Uniswap v4 hooks, covering vulnerabilities, audit requirements, and best practices for Solidity smart contract development. It is a reference/educational skill with no executable logic or on-chain interactions.

Target Users: Smart contract developers building Uniswap v4 hooks who want security guidance and audit checklists.

2. Architecture Analysis

Components:

• Skill only (SKILL.md) — no binary, no source code, no build configuration

Skill Structure:
The SKILL.md is extremely minimal — a stub/pointer file containing:

• YAML frontmatter (name, description, version, author, tags)
• A brief description line
• Installation commands (npx skills add and claude plugin add)
• A link to the actual source on GitHub

No command definitions, no operation flows, no reference docs, no error handling sections.

Data Flow:
No data flow exists. The skill contains no commands, no API calls, no onchainos CLI usage, and no external service integrations. It is purely a pointer to an external GitHub repository.

Dependencies:

• External GitHub repository: https://github.com/uniswap/uniswap-ai/tree/main/packages/plugins/uniswap-hooks/skills/v4-security-foundations
• npx skills CLI tool (for installation)

3. Auto-Detected Permissions

NOTE: plugin.yaml does NOT contain a permissions field. All permissions are inferred from SKILL.md content and source code analysis.

onchainos Commands Used

Command Found	Exists in onchainos CLI	Risk Level	Context
(none)	N/A	N/A	No onchainos commands referenced anywhere in the skill

Wallet Operations

Operation	Detected?	Where	Risk
Read balance	No	—	Low
Send transaction	No	—	High
Sign message	No	—	High
Contract call	No	—	High

External APIs / URLs

URL / Domain	Purpose	Risk
https://github.com/uniswap/uniswap-ai/tree/main/packages/plugins/uniswap-hooks/skills/v4-security-foundations	Source code reference link	Low

Chains Operated On

None. This plugin does not interact with any blockchain.

Overall Permission Summary

This plugin has zero permissions. It does not access any wallets, make any API calls, interact with any blockchain, or execute any commands. It is a stub SKILL.md that points users to an external GitHub repository for the full skill content. The only external reference is a GitHub URL for documentation purposes.

4. onchainos API Compliance

Does this plugin use onchainos CLI for all on-chain write operations?

Yes — N/A. This plugin performs no on-chain write operations of any kind.

On-Chain Write Operations (MUST use onchainos)

Operation	Uses onchainos?	Self-implements?	Detail
Wallet signing	N/A	No	Not applicable — no signing operations
Transaction broadcasting	N/A	No	Not applicable — no broadcasting
DEX swap execution	N/A	No	Not applicable — no swaps
Token approval	N/A	No	Not applicable — no approvals
Contract calls	N/A	No	Not applicable — no contract calls
Token transfers	N/A	No	Not applicable — no transfers

Data Queries (allowed to use external sources)

Data Source	API/Service Used	Purpose
(none)	N/A	No data queries performed

External APIs / Libraries Detected

• No external API endpoints
• No web3 libraries
• No RPC URLs

Verdict: ✅ Fully Compliant

No on-chain operations exist, so there is nothing to violate. The plugin is a documentation-only stub.

5. Security Assessment

Static Rule Scan (C01-C09, H01-H09, M01-M08, L01-L02)

Rule ID	Severity	Title	Matched?	Detail
M01	MEDIUM	supply-chain-unpinned	⚠️ Yes	npx skills add Uniswap/uniswap-ai — no version pinning. The installation command does not lock to a specific version.

All other static rules (C01-C09, H01-H09, M02-M08, L01-L02) — Not matched. No command injection, prompt injection, obfuscation, credential exfiltration, suspicious downloads, hardcoded secrets, persistence, sensitive data access, financial operations, system modification, credential solicitation, or other flagged patterns detected.

LLM Judge Analysis (L-PINJ, L-MALI, L-MEMA, L-IINJ, L-AEXE, L-FINA, L-FISO)

Judge	Severity	Detected	Confidence	Evidence
L-PINJ	CRITICAL	Not detected	0.95	No hidden instructions, no pseudo-system tags, no obfuscation, no jailbreak attempts
L-MALI	CRITICAL	Not detected	0.95	Skill content matches declared purpose — a documentation pointer. No hidden behavior
L-MEMA	HIGH	Not detected	0.95	No memory file writes, no persistent instruction injection
L-IINJ	INFO	Not detected	0.95	No external API requests or CLI calls that process external data
L-AEXE	INFO	Not detected	0.95	No autonomous execution capability — no commands defined at all
L-FINA	INFO	Not detected	0.95	No financial operations of any kind — read-only documentation
L-FISO	N/A	Not detected	0.95	No external data processing, no boundary concerns

Toxic Flow Detection (TF001-TF006)

No toxic flows detected. No prerequisite rules are triggered (no sensitive data access, no credential exfiltration, no command injection, no financial operations, no prompt injection, no persistence, no missing boundary declarations).

Prompt Injection Scan

• No instruction override patterns
• No identity manipulation
• No hidden behavior
• No confirmation bypass
• No unauthorized operations
• No hidden content (base64, invisible chars)

Result: ✅ Clean

Dangerous Operations Check

The plugin does not involve any transfers, signing, contract calls, or transaction broadcasting. No executable operations exist.

Result: ✅ Safe

Data Exfiltration Risk

No data is read, processed, or transmitted. No external API calls. No network requests.

Result: ✅ No Risk

Overall Security Rating: 🟢 Low Risk

6. Source Code Security (if source code is included)

Skipped — this plugin has no source code and no build section.

7. Code Review

Quality Score: 25/100

Dimension	Score	Notes
Completeness (pre-flight, commands, error handling)	2/25	No commands defined. No pre-flight checks. No error handling. The SKILL.md is a stub that redirects to an external repo. The actual security guide content is not included in the submission.
Clarity (descriptions, no ambiguity)	10/25	The description is clear about what the skill claims to be. However, the SKILL.md provides almost no actual content — it's just installation instructions and a link.
Security Awareness (confirmations, slippage, limits)	15/25	N/A for operational security (no operations), but the topic is security-focused. No risk because no operations exist.
Skill Routing (defers correctly, no overreach)	8/15	No routing defined. The skill does not claim capabilities it doesn't have, but it also doesn't define any capabilities at all.
Formatting (markdown, tables, code blocks)	5/10	Valid markdown. Code blocks for installation. Minimal but correctly formatted. Missing the structure expected of a full skill (command index, operation flow, etc.).

Strengths

• Zero attack surface: The plugin performs no operations, making it inherently safe from a security perspective
• Clear attribution: Properly identifies the author (Uniswap Labs) and provides a direct link to the canonical source repository
• Appropriate category: Correctly categorized as "security" with relevant tags

Issues Found

• 🟡 Important: Stub skill with no actual content — The SKILL.md is essentially a pointer/redirect. The entire security guide content lives in the external GitHub repo (uniswap/uniswap-ai). Users installing this plugin get no usable skill content — they must follow the link to get the actual guide. This makes the plugin of limited value as a standalone submission.
• 🟡 Important: Unpinned installation command (M01) — npx skills add Uniswap/uniswap-ai has no version pinning, creating a supply chain risk if the external package is updated with malicious content.
• 🔵 Minor: Missing standard SKILL.md sections — No command index, no operation flow, no error handling, no pre-flight checks, no edge cases documentation. While these are not required for a documentation-only skill, the current content is too sparse to be useful.
• 🔵 Minor: No api_calls declared but also no commands — The api_calls: [] in plugin.yaml is accurate but the empty skill raises the question of what value this plugin provides in the store.

8. Recommendations

1. Include the actual security guide content in the SKILL.md — The current stub provides no value to users who install it. Inline the security foundations content (vulnerabilities, audit checklist, best practices) directly in the SKILL.md so the skill is self-contained and useful.
2. Pin the version in installation commands — Change npx skills add Uniswap/uniswap-ai to npx skills add Uniswap/uniswap-ai@x.y.z to mitigate supply chain risk (M01).
3. Add a disclaimer or context — If the skill is intentionally a stub/pointer, make this explicit in the description: "This is a pointer to the full skill hosted at [repo]. Install the full version for complete content."
4. Consider whether this submission meets minimum content requirements — A skill that contains only installation instructions and a link may not meet the Plugin Store's quality bar for a standalone submission.

9. Reviewer Summary

One-line verdict: A harmless, zero-risk stub skill that contains no executable logic or security concerns, but also provides no substantive content — it's a redirect to an external GitHub repository.

Merge recommendation: ⚠️ Merge with noted caveats

The plugin poses no security risk whatsoever. However, the following should be addressed or acknowledged:

1. The SKILL.md is a stub with no actual security guide content — the value proposition depends entirely on the external GitHub repository
2. The npx skills add command should be version-pinned to address M01 (supply chain risk)
3. Consider whether Plugin Store policy requires minimum substantive content in the SKILL.md itself

---

Generated by Claude AI via Anthropic API — review the full report before approving.

[github-actions]

✅ Phase 2: Structure Validation — PASSED

Linting submissions/uniswap-v4-security-foundations...


✓ Plugin 'uniswap-v4-security-foundations' passed all checks!

→ Proceeding to Phase 3: AI Code Review

[MigOKG]

⚠️ Maintainer Note: External SKILL Reference

This PR's SKILL.md redirects users to install the full version from Uniswap/uniswap-ai via npx skills add. The actual skill logic is maintained in Uniswap's own repository, not submitted here.

As Plugin Store maintainers, we are unable to review or audit the externally hosted SKILL source code and scripts through our standard AI review pipeline. Accordingly, we cannot independently verify the functionality or assess the trading risk of this plugin.