Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uniswap Agent Otc Trade

v0.1.0

Facilitate over-the-counter trades between agents using Uniswap as the settlement layer. Use when user wants to trade tokens directly with another agent, settle an agent-to-agent trade through Uniswap, or execute an OTC swap with a specific counterparty agent. Verifies counterparty identity via ERC-8004, negotiates terms, and settles through Uniswap pools.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description ask for ERC-8004 identity checks, Uniswap pricing, atomic settlement and cross-chain intents; the SKILL.md explicitly references those flows and lists Uniswap-related mcp tools and identity-verifier/trade-executor subagents. The requested capabilities are coherent with the stated purpose.
Instruction Scope
The instructions stay on-topic (verify counterparty, fetch pool prices, negotiate terms, submit swap or cross-chain intent). However, they include execution steps (execute_swap, submit_cross_chain_intent) that will perform on-chain actions. The SKILL.md does not declare how transaction signing/authorization is obtained (user wallet prompts, platform wallet, or stored keys). That missing detail matters because the agent could cause fund movement if the environment provides signing capability.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk by the skill itself. Low install risk.
Credentials
The skill declares no required environment variables or credentials (which is reasonable for an instruction-only skill). But it lists a set of mcp__uniswap__* tools and Task subagents that likely rely on platform-managed wallets or connectors. Because the skill does not document what credentials or wallet access those tools require, it's unclear whether additional secrets/keys are implicitly needed or used.
Persistence & Privilege
always:false and user-invocable:true (normal). The agent may invoke this skill autonomously (disable-model-invocation:false), which is platform default; combined with the ability to execute on-chain swaps, that increases the blast radius if connectors have signing authority. There is no explicit instruction in SKILL.md requiring explicit user confirmation before executing settlement transactions — this should be clarified.
What to consider before installing
This skill is conceptually consistent with OTC trading via Uniswap, but before installing you should: (1) Ask the platform what the listed mcp__uniswap__* tools and Task(subagent_type:trade-executor) are allowed to do — specifically whether they can sign or broadcast transactions using a platform or user wallet. (2) Require explicit user confirmation/consent in the agent flow for any on-chain transaction, and limit default amounts (test on a small tx or testnet first). (3) Verify the identity of the publisher (owner ID and GitHub reference in README) — the source is 'unknown' in the registry metadata. (4) Confirm how ERC-8004 identity checks are implemented and whether any off-chain data is sent to third parties. If you cannot confirm that transaction signing requires an explicit wallet prompt (rather than implicit platform signing), treat the skill as higher risk and avoid granting it access to real funds.
