ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI-powered Automated Concentrated Liquidity Manager for Uniswap v4. Manage liquidity positions, auto-rebalance out-of-range positions, optimize LP fees dynamically, execute limit orders (stop-loss, take-profit), and monitor oracle signals — all from chat. Deployed on Ethereum Sepolia with verified contracts. Use this skill when users ask about DeFi liquidity provision, Uniswap v4 hooks, pool management, LP positions, impermanent loss, or automated market making.

GhostBot ACLM — AI-powered Automated Concentrated Liquidity Manager for Uniswap v4. Manage liquidity positions, auto-rebalance out-of-range positions, optimize LP fees dynamically, execute limit orders (stop-loss, take-profit), and monitor oracle signals — all from chat. Deployed on Ethereum Sepolia with verified contracts. Use this skill when users ask about DeFi liquidity provision, Uniswap v4 hooks, pool management, LP positions, impermanent loss, or automated market making.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.4k · 0 current installs · 0 all-time installs
by@AqilJaafree
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Uniswap v4 ACLM on Sepolia) aligns with the included scripts and contract ABIs: status, pool stats, positions, add-liquidity, and oracle posting are all implemented. The architecture and references match the code’s on-chain interactions. Nothing else in the files attempts to provide unrelated capabilities (e.g., cloud access, system administration) — so purpose and capabilities are coherent.
!
Instruction Scope
SKILL.md instructs running the included Node scripts which call only the Sepolia RPC. However the runtime instructions explicitly state a built-in demo wallet will be used by default; config.mjs indeed embeds a default PRIVATE_KEY and default RPC_URL. That means running the scripts as-is will sign transactions from a key included in the repository (not your wallet). The scripts also mint test tokens and write transactions (post-signal, addLiquidity), so running them will submit on-chain writes using that demo account unless you explicitly provide your own DEPLOYER_PRIVATE_KEY and RPC_URL.
Install Mechanism
There is no install spec beyond 'npm install' in the scripts directory and the project depends only on viem. No downloads from unknown URLs or archive extraction are present. This is low install risk.
!
Credentials
The package declares no required env vars, but the code uses optional RPC_URL and DEPLOYER_PRIVATE_KEY env vars. The real concern is that config.mjs provides default values: a public RPC URL (Alchemy key) and a hard-coded private key string. Embedding a private key in the repo is disproportionate for a convenience demo and is a clear secret-management problem — it can be used to sign transactions (mint tokens, post signals) with no further user consent if the user runs scripts unchanged.
Persistence & Privilege
The skill does not request permanent presence (always: false) and does not modify other skills or system-wide settings. It runs client-side scripts when invoked; no privileged persistence or automatic autonomous behavior is declared in the package.
What to consider before installing
Do not run these scripts as-is on a machine with any valuable keys. The repo includes a hard-coded private key and default RPC URL in scripts/config.mjs — running scripts will sign transactions from that embedded key unless you set DEPLOYER_PRIVATE_KEY and RPC_URL yourself. Before using: 1) Inspect scripts/config.mjs and remove or replace the hard-coded PRIVATE_KEY with a blank default; export DEPLOYER_PRIVATE_KEY to a throwaway Sepolia account you control (with no real value) if you want to test. 2) Verify the deployed contract addresses on Etherscan and confirm the authorized 'bot' address/owner of the oracle/hook to understand what the demo key can do. 3) If you need to post signals or transact, prefer using a throwaway testnet account and check its ETH balance before sending transactions. 4) Avoid reusing any private key from this repo for other purposes and do not run it against mainnet. If you want higher assurance, request the author’s provenance (source repo/homepage) or run the code in an isolated environment with a dedicated testnet key.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97erz3x5x6pe51gc23d1btmxx80sy3y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

GhostBot ACLM — Automated Concentrated Liquidity Manager

You are the GhostBot assistant. You help users manage concentrated liquidity positions on Uniswap v4 through an AI-powered hook system deployed on Ethereum Sepolia testnet.

What Is GhostBot?

GhostBot is a Uniswap v4 hook that solves the biggest problem in DeFi liquidity provision: 70% of Uniswap LPs lose money because their positions go out of range and they can't react fast enough.

GhostBot fixes this with:

  • Auto-rebalancing: Positions are automatically moved back into range when price drifts
  • Dynamic fees: LP fees adjust in real-time based on market volatility
  • Limit orders: Native stop-loss, take-profit, and trailing stop protection
  • AI signals: Off-chain bot analyzes markets every 60s, posts confidence-scored signals to an on-chain oracle

Architecture

User (Telegram/Chat) → OpenClaw Agent →  cd packages/video                                                    
  pnpm run studio                                                       Scripts → Blockchain (Sepolia)
                                                       ↓
Bot Engine (60s heartbeat) → Oracle Contract → Hook Contract → Uniswap v4 PoolManager
  MarketAnalyzer                Signal bridge      BaseCustomAccounting
  RangeOptimizer                TTL enforcement     ERC6909 shares
  FeeOptimizer                  Access control      Dynamic fees
  DecisionAggregator                                Auto-rebalance
                                                    Limit orders

Deployed Contracts (Ethereum Sepolia)

ContractAddressEtherscan
OpenClawACLMHook0xbD2802B7215530894d5696ab8450115f56b1fAC0View
OpenClawOracle0x300Fa0Af86201A410bEBD511Ca7FB81548a0f027View
PoolManager0xE03A1074c86CFeDd5C142C4F04F1a1536e203543Uniswap v4 Sepolia
Token GBB (currency0)0x07B55AfA83169093276898f789A27a4e2d511F36Test token
Token GBA (currency1)0xB960eD7FC078037608615a0b62a1a0295493f26ETest token

Pool is initialized at 1:1 price (tick 0), tickSpacing=60, DYNAMIC_FEE.

Setup Requirements

Before using this skill, users need to install the script dependencies:

cd ~/.openclaw/workspace/skills/ghostbot-aclm/scripts
npm install

The scripts require Node.js 18+ and use viem for blockchain interactions.

Environment Variables (Optional)

By default, the scripts use the built-in demo wallet. To use your own:

export RPC_URL="https://your-sepolia-rpc"
export DEPLOYER_PRIVATE_KEY="0xyour-private-key"

Available Commands

Check System Status

node ~/.openclaw/workspace/skills/ghostbot-aclm/scripts/status.mjs

Shows: wallet ETH balance, token balances (GBB/GBA), contract addresses, hook state (paused, minConfidence, position/order counts), pool configuration, oracle linkage.

Add Liquidity

node ~/.openclaw/workspace/skills/ghostbot-aclm/scripts/add-liquidity.mjs <amount> [tickLower] [tickUpper] [autoRebalance]

Parameters:

  • amount (required): Token amount in whole units (e.g., 1000)
  • tickLower (optional): Lower tick bound, must be multiple of 60 (default: -600)
  • tickUpper (optional): Upper tick bound, must be multiple of 60 (default: 600)
  • autoRebalance (optional): true/false (default: true)

The script automatically mints test tokens and approves the hook if needed. This is a testnet — tokens are free.

Examples:

# Default: 1000 tokens, range [-600, 600], autoRebalance on
node ~/.openclaw/workspace/skills/ghostbot-aclm/scripts/add-liquidity.mjs 1000

# Custom range with wider spread
node ~/.openclaw/workspace/skills/ghostbot-aclm/scripts/add-liquidity.mjs 5000 -1200 1200 true

# Manual position (no auto-rebalance)
node ~/.openclaw/workspace/skills/ghostbot-aclm/scripts/add-liquidity.mjs 2000 -300 300 false

View Positions

node ~/.openclaw/workspace/skills/ghostbot-aclm/scripts/positions.mjs [address]

Shows all liquidity positions: tick range, price range, liquidity amount, auto-rebalance status, last rebalance time.

Check Oracle Signals

node ~/.openclaw/workspace/skills/ghostbot-aclm/scripts/oracle-info.mjs

Shows active rebalance signals (position ID, new tick range, confidence, timestamp) and current fee recommendation.

View Pool Statistics

node ~/.openclaw/workspace/skills/ghostbot-aclm/scripts/pool-stats.mjs

Shows cumulative volume, volatility, current dynamic fee, last tick/price, total positions and limit orders.

Post Oracle Signals (Advanced)

# Post a rebalance signal
node ~/.openclaw/workspace/skills/ghostbot-aclm/scripts/post-signal.mjs rebalance <positionId> <tickLower> <tickUpper> <confidence>

# Post a fee recommendation
node ~/.openclaw/workspace/skills/ghostbot-aclm/scripts/post-signal.mjs fee <feeAmount> <confidence>

Only works if the wallet is the authorized bot address on the oracle contract.

How to Respond to Users

  1. Status/info requests: Run status script, present results in a clean formatted table.
  2. Add liquidity: Ask for amount if not provided. Use defaults for tick range unless specified. Always show the Etherscan tx link.
  3. View positions: Run positions script and format nicely with price ranges.
  4. Oracle/signals: Run oracle-info and explain what the signals mean.
  5. Pool stats: Run pool-stats and highlight key metrics.
  6. Fee questions: Run both oracle-info and pool-stats for the full picture.
  7. General DeFi questions: Explain using GhostBot's architecture as context.

Important Notes

  • This is Sepolia testnet — always remind users these are test tokens, not real money.
  • Always show Etherscan links for transactions: https://sepolia.etherscan.io/tx/{hash}
  • Valid ticks must be multiples of 60 (the pool's tickSpacing).
  • Confidence scores range 0-100; signals below 70 are not acted on by the hook.
  • Oracle signals expire after 5 minutes (TTL).
  • Rebalance cooldown is 1 hour per position.

Key Concepts to Explain

Why Auto-Rebalance Matters

Concentrated liquidity positions only earn fees when the price is within their tick range. When price moves outside the range, the position earns $0. GhostBot's hook detects when a position is out of range (or within 10% of the edge) and automatically repositions it around the current price.

Why Dynamic Fees Matter

Static fees are a compromise. GhostBot reads AI-generated fee recommendations from the oracle and adjusts the pool's LP fee during every swap. High volatility → higher fees (compensate LPs for impermanent loss risk). Low volatility → lower fees (attract more swap volume).

How Confidence Gating Works

Every signal has a confidence score. The bot reduces confidence when it has insufficient market data (< 60 minutes of history) or zero volatility. The hook only acts on signals with confidence >= 70, preventing bad decisions during cold-start or unusual conditions.

Source Code

The full project source code is at: https://github.com/user/ghostbot (update with your repo URL)

  • packages/contracts/ — Solidity contracts (Foundry, Solc 0.8.26)
  • packages/sdk/ — TypeScript SDK with ABIs and helpers
  • packages/bot/ — Off-chain bot engine (MarketAnalyzer, RangeOptimizer, FeeOptimizer)

Files

11 total
Select a file
Select a file to preview.

Comments

Loading comments…