Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uniswap Execute Swap

Execute a Uniswap token swap. Use when user wants to swap, trade, buy, or sell tokens. Handles quotes, safety checks, simulation, and execution autonomously. Supports V2, V3, V4, UniswapX, and cross-chain routing on all supported chains.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 677 · 3 current installs · 3 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

[!] Purpose & Capability
The name and description (execute swaps on Uniswap) match the instructions (resolve tokens, safety checks, delegate execution). However, executing a swap necessarily requires wallet signing (private key / wallet access), approvals, or a custodial API — none of which are declared (no required env vars, config paths, or credentials). The skill therefore omits a core capability it needs to operate.
[!] Instruction Scope
SKILL.md delegates execution to Task(subagent_type:trade-executor) and calls MCP tools (search_tokens, check_safety_status) which is reasonable, but the instructions do not specify how the agent obtains or stores wallet keys, how user confirmation is obtained before on-chain execution, or what exactly the trade-executor subagent is permitted to do. The skill also states it operates "autonomously" but gives no required confirmation step, creating scope creep from 'suggest a trade' to 'execute with signing'.
Install Mechanism
There is no install spec (instruction-only), so nothing is written to disk by the skill itself — low install risk. It does, however, depend on an external Agentic-Uniswap MCP server (GitHub repo referenced). That external dependency is not bundled or verified here; use of an unverified MCP server is an operational and trust risk.
[!] Credentials
The skill declares no required environment variables or credentials, yet performing swaps requires access to signing credentials and possibly allowlists/spending-limit configuration. That discrepancy means required secrets or config may be requested at runtime by the trade-executor or MCP server but are not documented here — a proportionality/opacity issue.
[!] Persistence & Privilege
always is false (good) but disable-model-invocation is false (normal), meaning the agent can invoke the skill autonomously. Combined with the ability to execute financial transactions and the missing detail on confirmation and credential handling, autonomous invocation increases risk: the agent could attempt to execute trades without clear, documented user approval flows.
What to consider before installing
This skill claims to execute on-chain swaps but does not say how it will sign transactions or obtain wallet access. Before installing or enabling it:

  1. Ask the author how signing is performed — does the trade-executor require your private key, a local wallet connector (e.g., WalletConnect), or a custodial API token?
  2. Require an explicit, documented confirmation step before submitting any transaction.
  3. Verify and audit the referenced MCP server code (https://github.com/wpank/Agentic-Uniswap) and the trade-executor subagent — do not trust an unknown third-party server with signing or funds.
  4. Test on a testnet with small amounts first.
  5. If you cannot confirm where private keys remain (local vs remote) and how approvals are handled, do not enable autonomous execution.

Like a lobster shell, security has layers — review code before you run it.

Current version: v0.1.0

SKILL.md

Execute Swap

Execute a token swap on Uniswap with full safety validation.

Activation

Use this skill when the user says any of:

  • "Swap X for Y"
  • "Buy X with Y"
  • "Sell X for Y"
  • "Trade X for Y"
  • "Exchange X to Y"
  • "Convert X to Y"

Input Extraction

Extract these parameters from the user's message:

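| Parameter | Required | Default  | Source                          |
|-----------|----------|----------|---------------------------------|
| tokenIn   | Yes      |          | Token name/symbol/address       |
| tokenOut  | Yes      |          | Token name/symbol/address       |
| amount    | Yes      |          | Numeric value                   |
| chain     | No       | ethereum | Chain name or context           |
| slippage  | No       | 0.5%     | Explicit percentage             |
| routing   | No       | auto     | "via V3", "use UniswapX", etc.  |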

Workflow

  1. Validate inputs: Resolve token symbols using search_tokens. Confirm chain is supported.

  2. Pre-flight safety check: Call check_safety_status to verify:

    • Spending limits have room for this trade
    • Rate limits are not exhausted
    • Circuit breaker is not tripped
  3. Delegate to trade-executor: Launch Task(subagent_type:trade-executor) with:

    • tokenIn, tokenOut, amount, chain
    • slippageTolerance (in bps)
    • routingPreference (auto/v2/v3/v4/uniswapx)
  4. Report result to the user in a clear format:

Swap Executed Successfully

  Input:  500.00 USDC
  Output: 0.1538 WETH ($499.55)
  Price:  1 WETH = $3,248.04
  Impact: 0.01%
  Gas:    $0.42

  Tx: https://basescan.org/tx/0xABC...

  Safety: All 7 checks passed
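
An added example, not part of the skill or its MCP server: one way to normalize the Input Extraction parameters (defaults, percent-to-bps conversion, routing values from step 3) and to refuse delegation unless the user approved those exact terms, which is the confirmation step the scan found missing. The names `SwapRequest`, `normalize`, `approval_digest` and `may_delegate`, the 500 bps ceiling, and the digest-based approval are assumptions for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation

ROUTES = {"auto", "v2", "v3", "v4", "uniswapx"}  # routingPreference values in step 3
MAX_SLIPPAGE_BPS = 500  # assumed policy ceiling (5%); not stated on the page

@dataclass(frozen=True)
class SwapRequest:
    token_in: str
    token_out: str
    amount: Decimal
    chain: str
    slippage_bps: int
    routing: str

def normalize(params):
    """Apply the Input Extraction defaults and reject malformed values."""
    for key in ("tokenIn", "tokenOut", "amount"):
        if not str(params.get(key, "")).strip():
            raise ValueError(f"missing required parameter: {key}")
    try:
        amount = Decimal(str(params["amount"]))
        pct = Decimal(str(params.get("slippage", "0.5%")).strip().rstrip("%"))
    except InvalidOperation as exc:
        raise ValueError("amount and slippage must be numeric") from exc
    if not amount.is_finite() or amount <= 0:
        raise ValueError("amount must be a positive number")
    bps = pct * 100  # 1% = 100 bps, so the 0.5% default becomes 50
    if bps != bps.to_integral_value() or not 0 <= bps <= MAX_SLIPPAGE_BPS:
        raise ValueError("slippage must be whole bps within the ceiling")
    routing = str(params.get("routing", "auto")).lower()
    if routing not in ROUTES:
        raise ValueError(f"unknown routing preference: {routing}")
    chain = str(params.get("chain", "ethereum")).lower()
    return SwapRequest(str(params["tokenIn"]), str(params["tokenOut"]),
                       amount, chain, int(bps), routing)

def approval_digest(req):
    """Digest of the exact terms shown to the user for approval."""
    terms = "|".join(map(str, (req.token_in, req.token_out, req.amount,
                               req.chain, req.slippage_bps, req.routing)))
    return hashlib.sha256(terms.encode()).hexdigest()

def may_delegate(req, approved_digest):
    """True only if the user approved these exact terms; None means no approval."""
    if approved_digest is None:
        return False
    return hmac.compare_digest(approved_digest.encode(), approval_digest(req).encode())
```

Because the digest covers every field, an approval given for one amount or slippage setting cannot be reused if the agent later changes any parameter.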

Error Handling

| Error                          | User Message                                    | Suggested Action             |
|--------------------------------|-------------------------------------------------|------------------------------|
| SAFETY_SPENDING_LIMIT_EXCEEDED | "This swap would exceed your $X daily limit."   | Reduce amount or wait        |
| SAFETY_TOKEN_NOT_ALLOWED       | "TOKEN is not on your allowlist."               | Add to config                |
| SAFETY_SIMULATION_FAILED       | "Swap simulation failed: [reason]."             | Check addresses, try smaller |
| INSUFFICIENT_LIQUIDITY         | "Not enough liquidity at acceptable slippage."  | Try smaller amount           |

MCP server dependency

This skill relies on Uniswap MCP tools for chain support lookup, token search, safety checks, and swap execution. When used in isolation (for example, from a skills catalog), ensure the Agentic Uniswap MCP server is running:
