v1.0.0

ghostbot-uniswap-v4

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:28 AM.

Analysis

Review before installing: this Sepolia DeFi skill is mostly purpose-aligned, but it under-discloses private-key use and can sign blockchain transactions, approvals, and ongoing auto-rebalancing actions.

Guidance: Treat this as a review-before-install skill. It appears aimed at Sepolia testnet DeFi management rather than hidden exfiltration, but only use a fresh test wallet, never reuse a mainnet-funded private key, verify the contract addresses, review npm dependencies, and explicitly approve each transaction and allowance before running the write scripts.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
scripts/add-liquidity.mjs
const autoRebalance = (process.argv[5] || "true") === "true";
...
args: [CONTRACTS.hook, amountWei * 10n],
...
amount0Min: 0n,
amount1Min: 0n,
...
functionName: "addLiquidity"

The add-liquidity script defaults auto-rebalance on, approves the hook for ten times the requested amount, submits an on-chain addLiquidity transaction, and uses zero minimum amounts.

User impact: The skill can mutate the user's blockchain account state, create token allowances, spend testnet ETH for gas, and put positions under automated rebalancing behavior.
Recommendation: Require explicit user confirmation before every write transaction, explain approvals and slippage/minimum amounts, and let users choose narrower approvals and autoRebalance=false when desired.
Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
By default, the scripts use the built-in demo wallet. To use your own:

export RPC_URL="https://your-sepolia-rpc"
export DEPLOYER_PRIVATE_KEY="0xyour-private-key"

The documentation frames the private key as optional and claims a built-in demo wallet, but the included config code requires RPC_URL and DEPLOYER_PRIVATE_KEY before any script can run.

User impact: Users may misunderstand the setup and trust that no credential is needed, then be surprised into exporting a private key to make the skill work.
Recommendation: Correct the documentation to state that there is no built-in demo wallet in the provided code and that a dedicated Sepolia private key is required for transaction-signing scripts.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
scripts/package.json
"dependencies": {
  "viem": "^2.20.0"
}

The user-directed npm install relies on a semver-ranged dependency rather than a pinned lockfile, and the installed package will be used by scripts that handle a wallet private key.

User impact: A future dependency resolution could install different code than the reviewer saw, which matters more because the scripts sign blockchain transactions.
Recommendation: Pin dependencies with a lockfile and verify the package source before running npm install, especially before providing any wallet private key.
Rogue Agents
Severity: Low | Confidence: Medium | Status: Note
references/architecture.md
Heartbeat: Every 60 seconds
...
rebalancePosition: Owner-callable, removes old liquidity, computes new range, adds liquidity, tracks surplus

The architecture describes recurring bot/oracle activity and owner-callable rebalancing, which is central to the skill's stated automated liquidity-management purpose but creates ongoing effects after setup.

User impact: If auto-rebalance is enabled, the user's position may continue to be affected by bot/oracle and contract-owner actions over time.
Recommendation: Enable auto-rebalance only intentionally, monitor positions and approvals, and provide clear user-facing instructions for disabling automation or exiting positions.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
scripts/config.mjs
const RPC_URL = process.env.RPC_URL;
const PRIVATE_KEY = process.env.DEPLOYER_PRIVATE_KEY;

if (!RPC_URL) throw new Error("Missing RPC_URL env var");
if (!PRIVATE_KEY) throw new Error("Missing DEPLOYER_PRIVATE_KEY env var");

export const account = privateKeyToAccount(PRIVATE_KEY);

The scripts require a wallet private key and use it to create a signing account, while the provided metadata declares no required env vars and no primary credential.

User impact: A user may provide a wallet private key even though the skill metadata does not advertise that requirement; if the key is reused elsewhere, the exposure is high-impact even though the scripts target Sepolia.
Recommendation: Use only a dedicated Sepolia test wallet with no real funds; the skill publisher should also explicitly declare RPC_URL and DEPLOYER_PRIVATE_KEY as required sensitive configuration.