ghostbot-uniswap-v4
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill matches a Sepolia DeFi liquidity manager, but it under-declares that it needs a wallet private key and can sign/approve blockchain transactions.
Review this skill carefully before installing. If you use it, create a fresh Sepolia-only wallet with no mainnet funds, verify the contract addresses yourself, and do not provide any private key that controls real assets. Treat every add-liquidity or oracle action as a real transaction and require explicit confirmation before signing.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user provides a real wallet private key, the agent environment can sign blockchain transactions with that wallet.
The scripts require a raw wallet private key to create a signing account, despite the registry declaring no required env vars and no primary credential.
const PRIVATE_KEY = process.env.DEPLOYER_PRIVATE_KEY; ... if (!PRIVATE_KEY) throw new Error("Missing DEPLOYER_PRIVATE_KEY env var"); ... export const account = privateKeyToAccount(PRIVATE_KEY);
Require and declare a dedicated Sepolia-only wallet credential, never ask for a main wallet private key, and prefer a wallet flow that requires explicit user approval for each transaction.
Users may not realize the skill actually requires them to supply sensitive wallet signing authority.
The documentation frames the private key as optional and claims a built-in demo wallet, but the provided config code throws an error when RPC_URL or DEPLOYER_PRIVATE_KEY is missing, so there is no working default.
By default, the scripts use the built-in demo wallet. To use your own: ... export RPC_URL="https://your-sepolia-rpc" ... export DEPLOYER_PRIVATE_KEY="0xyour-private-key"
Correct the documentation and metadata so the credential requirement, network, wallet scope, and risks are explicit before installation.
Even on Sepolia, the skill can create persistent approvals and positions from the user's signing key; if adapted or misused, similar patterns would be unsafe with valuable assets.
The script approves ten times the requested amount and submits an add-liquidity transaction with zero minimum amounts, with no in-script confirmation gate. The tenfold approval leaves a standing allowance the hook contract can spend after this call, and zero minimums accept any execution price.
args: [CONTRACTS.hook, amountWei * 10n] ... amount0Min: 0n, amount1Min: 0n ... walletClient.writeContract({ address: CONTRACTS.hook, ... functionName: "addLiquidity"
Add explicit transaction confirmation, approve exact amounts, show all contract addresses and amounts before signing, and use nonzero minimums/slippage controls.
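The following is an added example, not code from the skill or from ClawScan, showing how the recommendations from the first and third findings fit together: a chain-id check so the key is only ever used on Sepolia, exact approvals instead of a tenfold allowance, slippage-derived minimums instead of 0n, and a confirmation gate that shows every address and amount before anything is signed. The wallet client is a constructed stub that records requests rather than signing them; with the real scripts it would be a viem walletClient, whose writeContract request shape the code mirrors. The contract addresses, ABI fragments and the hook's addLiquidity parameter order are assumptions for illustration, not the skill's actual contracts.

```javascript
// Added example (not the skill's code): a Sepolia-only, confirmation-gated
// add-liquidity flow. The wallet client is a constructed stub that records
// what would have been signed; the addresses, ABI fragments and the hook's
// addLiquidity parameter order are assumptions, not the skill's contracts.

const SEPOLIA_CHAIN_ID = 11155111n;

// Constructed placeholder addresses.
const CONTRACTS = {
  token0: "0x0000000000000000000000000000000000000001",
  token1: "0x0000000000000000000000000000000000000002",
  hook: "0x0000000000000000000000000000000000000003",
};

// Minimal ABI fragments (assumed; just enough to name the calls).
const ERC20_ABI = [{ type: "function", name: "approve", stateMutability: "nonpayable",
  inputs: [{ name: "spender", type: "address" }, { name: "amount", type: "uint256" }],
  outputs: [{ type: "bool" }] }];
const HOOK_ABI = [{ type: "function", name: "addLiquidity", stateMutability: "nonpayable",
  inputs: [{ name: "amount0Desired", type: "uint256" }, { name: "amount1Desired", type: "uint256" },
           { name: "amount0Min", type: "uint256" }, { name: "amount1Min", type: "uint256" }],
  outputs: [] }];

// Guard 1: never sign with this key anywhere but Sepolia.
function assertSepolia(chainId) {
  if (BigInt(chainId) !== SEPOLIA_CHAIN_ID) {
    throw new Error(`refusing to sign: chain id ${chainId} is not Sepolia (${SEPOLIA_CHAIN_ID})`);
  }
}

// Guard 2: exact approval (no standing 10x allowance) and slippage-derived
// minimums instead of 0n. slippageBps = 50n means 0.5%.
function planAddLiquidity(amountWei, slippageBps = 50n) {
  if (amountWei <= 0n) throw new Error("amount must be positive");
  if (slippageBps < 0n || slippageBps > 10000n) throw new Error("slippage out of range");
  const min = amountWei - (amountWei * slippageBps) / 10000n;
  return {
    approveAmount: amountWei,
    amount0Desired: amountWei,
    amount1Desired: amountWei,
    amount0Min: min,
    amount1Min: min,
  };
}

// Everything the user must see before a signature is requested.
function describePlan(plan, contracts) {
  return [
    `approve ${plan.approveAmount} wei of ${contracts.token0} and ${contracts.token1} to ${contracts.hook}`,
    `addLiquidity on ${contracts.hook}: desired ${plan.amount0Desired}/${plan.amount1Desired}, ` +
      `min ${plan.amount0Min}/${plan.amount1Min}`,
  ].join("\n");
}

// Guard 3: the confirmation gate. Unless confirm(summary) resolves to true,
// nothing is sent to the wallet.
async function addLiquidityWithConfirmation(walletClient, contracts, amountWei, confirm, slippageBps = 50n) {
  assertSepolia(await walletClient.getChainId());
  const plan = planAddLiquidity(amountWei, slippageBps);
  if (!(await confirm(describePlan(plan, contracts)))) {
    return { signed: false, plan, hashes: [] };
  }
  const hashes = [];
  for (const token of [contracts.token0, contracts.token1]) {
    hashes.push(await walletClient.writeContract({
      address: token, abi: ERC20_ABI, functionName: "approve",
      args: [contracts.hook, plan.approveAmount],
    }));
  }
  hashes.push(await walletClient.writeContract({
    address: contracts.hook, abi: HOOK_ABI, functionName: "addLiquidity",
    args: [plan.amount0Desired, plan.amount1Desired, plan.amount0Min, plan.amount1Min],
  }));
  return { signed: true, plan, hashes };
}

// Constructed stub standing in for a viem walletClient; it signs nothing and
// only records each writeContract request.
function makeStubWalletClient(chainId) {
  const calls = [];
  return {
    calls,
    async getChainId() { return chainId; },
    async writeContract(request) { calls.push(request); return `0xstub${calls.length}`; },
  };
}

async function demo() {
  const client = makeStubWalletClient(11155111);
  // A declined prompt leaves the wallet untouched.
  await addLiquidityWithConfirmation(client, CONTRACTS, 10n ** 18n, async () => false);
  // An explicit "yes" sends exactly three calls: two exact approvals, one addLiquidity.
  const result = await addLiquidityWithConfirmation(client, CONTRACTS, 10n ** 18n, async (summary) => {
    console.log(summary);
    return true;
  });
  console.log(result.hashes, client.calls.length); // [ '0xstub1', '0xstub2', '0xstub3' ] 3
  return result;
}

demo().catch((err) => { console.error(err); process.exitCode = 1; });
```

Wiring the real scripts in means replacing makeStubWalletClient with the viem walletClient built from the Sepolia-only account, and replacing the confirm callback with an interactive prompt (or the agent framework's approval hook) that shows the summary string verbatim; the chain-id check then fails closed if someone points RPC_URL at mainnet while the same DEPLOYER_PRIVATE_KEY is loaded.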
Future installs may resolve different dependency versions than the reviewed code expected.
The skill relies on npm dependency resolution with a caret range and no lockfile in the provided manifest; this is common but noteworthy because the scripts handle wallet keys.
"dependencies": { "viem": "^2.20.0" }
Pin dependencies with a lockfile and review package provenance before running scripts that use private keys.
