AI-powered Automated Concentrated Liquidity Manager for Uniswap v4. Manage liquidity positions, auto-rebalance out-of-range positions, optimize LP fees dynamically, execute limit orders (stop-loss, take-profit), and monitor oracle signals — all from chat. Deployed on Ethereum Sepolia with verified contracts. Use this skill when users ask about DeFi liquidity provision, Uniswap v4 hooks, pool management, LP positions, impermanent loss, or automated market making.

Pass. Audited by ClawScan on May 10, 2026.

Overview

This appears to be a coherent Sepolia testnet Uniswap helper, but it signs blockchain transactions and uses a shared default wallet key, so it should only be used with throwaway testnet assets.

Use this as a Sepolia testnet tool only. Do not provide a mainnet or valuable wallet private key, review each transaction before running write commands, and verify the external contract addresses and npm dependency before relying on the skill.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you provide DEPLOYER_PRIVATE_KEY, the skill can transact from that wallet on Sepolia; if you use the default key, it is a public shared wallet that should not hold value.

Why it was flagged

The scripts sign blockchain transactions using either a user-supplied private key or a built-in demo private key. This is purpose-aligned for a blockchain manager, but it is sensitive authority.

Skill content
const PRIVATE_KEY = process.env.DEPLOYER_PRIVATE_KEY || "0x47f30914312ed58125bfa35b836e5787e5829a7e7db7abd146625b4b15ca6d9e";
export const account = privateKeyToAccount(PRIVATE_KEY);
Recommendation

Use a dedicated Sepolia-only throwaway wallet, never reuse a mainnet or valuable private key, and review transactions before running write scripts.

What this means

Running this can create on-chain positions, grant token allowances to the hook, spend Sepolia gas, and enable ongoing auto-rebalance behavior for the position.

Why it was flagged

The add-liquidity script can approve token spending, add liquidity, and default to automatic rebalancing. It is disclosed and Sepolia-scoped, but it is still a transaction-signing workflow.

Skill content
const autoRebalance = (process.argv[5] || "true") === "true";
...
args: [CONTRACTS.hook, amountWei * 10n],
...
amount0Min: 0n,
amount1Min: 0n,
Recommendation

Confirm the token amount, tick range, contract addresses, and autoRebalance setting before running; keep use limited to testnet funds.

What this means

If the wallet is the authorized bot, a user could publish oracle signals that influence rebalancing or dynamic fees for the configured Sepolia pool.

Why it was flagged

The advanced script can post oracle rebalance or fee signals when the signing wallet is authorized. That is aligned with the oracle-management purpose, but it can affect shared on-chain pool behavior.

Skill content
functionName: "postRebalanceSignal",
...
functionName: "postFeeRecommendation",
Recommendation

Only run oracle posting commands when you intentionally control the authorized bot role and understand the downstream pool impact.

What this means

A future npm install could fetch a different compatible viem version than the author tested.

Why it was flagged

The skill asks users to install npm dependencies, and the dependency is specified with a caret range without a provided lockfile. This is common, but it means installs can resolve to newer package versions.

Skill content
"dependencies": {
  "viem": "^2.20.0"
}
Recommendation

Install in an isolated directory and consider pinning/locking dependencies before use.

What this means

A user or agent that over-trusts all text in the skill might try to run an unrelated local project command.

Why it was flagged

An unrelated command-like fragment appears inside the architecture diagram. The provided code does not call it and the workflow does not require it, but it is inconsistent with the DeFi purpose and could confuse an agent or user.

Skill content
OpenClaw Agent →  cd packages/video
  pnpm run studio                                                       Scripts → Blockchain (Sepolia)
Recommendation

Ignore this fragment unless the publisher explains it; the normal documented commands are the node scripts under the skill's scripts directory.