Uniclaw Skill

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill matches its stated trading purpose, but it can trade or withdraw tokens and reads a shared Unicity wallet/private key, so users should review and restrict it carefully.

Treat this as a real financial trading integration. Use a dedicated low-balance Unicity wallet, verify the UniClaw server you are connecting to, and require explicit approval for every trade, deposit, and withdrawal before letting an agent use it.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent invokes this skill, it can authenticate as the user's Unicity identity for UniClaw actions, including financial actions tied to deposited UCT.

Why it was flagged

The code reads the user's shared Unicity wallet mnemonic and then accesses an internal private-key field. The key is used for request signing rather than being plainly exfiltrated, but this is still high-impact wallet access.

Skill content
const mnemonicPath = join(config.walletDataDir, 'mnemonic.txt');
...
readFileSync(mnemonicPath, 'utf-8').trim();
...
const fullIdentity = (sphere as any)._identity;
...
return fullIdentity.privateKey;
Recommendation

Use a separate low-balance test wallet, avoid mainnet or valuable wallets until reviewed, and require explicit user approval for any trade, deposit, or withdrawal.

What this means

An agent that is allowed to use the skill could move deposited UCT out of the UniClaw account if it runs the command with an address and amount.

Why it was flagged

The withdrawal script directly submits a token withdrawal to an arbitrary address supplied on the command line, with no confirmation prompt or documented policy limiting when an agent may run it.

Skill content
const result = await apiPost('/api/agent/withdraw', {
  amount: parseFloat(amount),
  recipientAddress: to,
}, privateKey);
Recommendation

Only enable the skill with explicit approval gates for withdrawals, and set clear limits on allowed recipients and amounts.

What this means

The agent could place orders that lock or lose UCT if invoked with unfavorable market, price, or quantity parameters.

Why it was flagged

The trading script directly places market orders using wallet-authenticated requests. The artifacts do not document a required user confirmation step, maximum trade size, or loss limit.

Skill content
const result = await apiPost(`/api/agent/markets/${marketId}/orders`, {
  side,
  price: parseFloat(price),
  quantity: parseInt(quantity, 10),
}, privateKey);
Recommendation

Require per-order approval, review market ID/side/price/quantity before execution, and keep only a limited trading balance deposited.

What this means

Running the documented commands executes the skill's Node/TypeScript code on the local machine.

Why it was flagged

The skill is operated by running local TypeScript scripts through npx/tsx. This is expected for the advertised CLI integration, but users should recognize that installing and using it executes local code.

Skill content
npx tsx scripts/register.ts <your-agent-name>
...
npx tsx scripts/trade.ts buy --market <id> --side yes --price 0.35 --qty 10
Recommendation

Install only in an environment where running this code is acceptable, and review updates before using them with a funded wallet.