ClawHub

Uniswap V4

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly aligned with Uniswap trading, but it can sign real wallet transactions, grant broad token approvals, and includes bundled shell paths that handle private keys less safely than the docs imply.

Review carefully before installing. Use a dedicated low-balance wallet, prefer the documented TypeScript src/*.ts entrypoints, avoid scripts/*.sh, manually verify chain, router/spender, token addresses, recipient, amount, and slippage before any write action, and revoke ERC20/Permit2 allowances after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill performs sensitive operations using environment variables, network access, and documented command execution (`npx tsx ...`), but no explicit permission declaration is present. In an agent setting, this can cause the skill to be granted broader implicit capabilities than intended, making secret access and transaction-capable network actions less visible to operators and policy controls.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This script directly signs and submits approval and swap transactions with the supplied private key and no interactive confirmation, dry-run, or explicit irreversible-action warning immediately before execution. In an agent skill context, that is dangerous because a caller can trigger real on-chain state changes and token approvals automatically, increasing the chance of unintended fund movement or overly broad approvals if parameters are wrong or manipulated.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script requires PRIVATE_KEY from the environment and then uses it to derive the sender and sign transactions, but the operational flow does not prominently warn that using this script can move funds and create token approvals. In a normal CLI this is risky; in an agent-integrated skill it is more dangerous because automation may invoke it without the human realizing that a live signing key is being used for irreversible blockchain operations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The `--auto-approve` feature can silently grant very large or effectively unlimited allowances during a swap flow, which expands the blast radius beyond the single intended trade. If the approved spender is ever misused, upgraded, compromised, or interacted with incorrectly later, the user's tokens may be drained without another approval step.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
2. **Get swap quote?** → `src/quote.ts` (free, uses on-chain V4Quoter)
3. **Approve tokens?** → `src/approve.ts` (write, ~100K gas, needs `PRIVATE_KEY`)
4. **Execute swap?** → `src/swap.ts` (write, ~300-350K gas, needs `PRIVATE_KEY`)
5. **First time with an ERC20?** → Run approve first, or use `--auto-approve` on swap

## Scripts Reference
Confidence
85% confidence
Finding
auto-approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
2. **Get swap quote?** → `src/quote.ts` (free, uses on-chain V4Quoter)
3. **Approve tokens?** → `src/approve.ts` (write, ~100K gas, needs `PRIVATE_KEY`)
4. **Execute swap?** → `src/swap.ts` (write, ~300-350K gas, needs `PRIVATE_KEY`)
5. **First time with an ERC20?** → Run approve first, or use `--auto-approve` on swap

## Scripts Reference
Confidence
85% confidence
Finding
--auto-approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
log(`Min output (${slippageBps}bps slippage): ${amountOutMin.toString()}`);
  }

  // ── Auto-approve if needed ──────────────────────────────────────
  if (tokenIn !== ADDRESS_ZERO && autoApprove) {
    const erc20 = new Contract(tokenIn, ERC20_ABI, wallet);
    const permit2Contract = new Contract(cfg.permit2, PERMIT2_ABI, wallet);
Confidence
74% confidence
Finding
Auto-approve

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal