Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uniswap Setup Agent Wallet

v0.1.0

Set up an agent wallet for Uniswap operations. Use when user needs to provision a wallet for an autonomous agent. Supports Privy (development), Turnkey (production), and Safe (maximum security). Configures spending limits, token allowlists, and funds the wallet for gas.

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

[!] Purpose & Capability
The skill claims to provision and fund wallets through external providers (Privy, Turnkey, Safe). Those operations normally require provider API keys, chain RPC endpoints, and a source wallet/private key to send gas. The skill's metadata lists no required environment variables, no primary credential, and no required config paths — this is inconsistent with the claimed capabilities.
[!] Instruction Scope
The SKILL.md delegates to a 'wallet-provisioner' subagent to 'Provision', 'Configure policies', 'Fund', and 'Validate' wallets. It also expects to write a config ('.uniswap/agent-wallet.json') and references provider auth errors and verifying 'provider credentials in environment variables'. However the instructions do not specify where credentials come from, how funding is sourced, or which files/paths will be read/written. Delegation is normal, but the instruction set gives the agent broad authority to perform sensitive actions (create wallets, arrange funding, set policies) without enumerating expected inputs or limits.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes installation risk because nothing is downloaded or written at install time.
[!] Credentials
Provisioning and funding wallets require secrets (provider API keys, RPC keys, and/or private keys for the funding source). The skill declares no required env vars or primary credential, yet its error messages and workflow imply such secrets are necessary. Absence of declared credentials is disproportionate and leaves ambiguity about where sensitive keys must be supplied or stored.
Persistence & Privilege
always:false (good). The skill delegates to a subagent that can act autonomously (normal). Because the subagent would perform sensitive on-chain actions, the user should verify the subagent's privileges and behavior; the skill itself does not request persistent privileges or modify other skills.
What to consider before installing
This skill wants to create, configure, and fund wallets — actions that need API keys, RPC endpoints, and a source wallet/private key. Before installing or enabling it, get answers to these questions:

  1. Which exact environment variables or secrets will be required (provider API keys, RPC URLs, funding private key or source wallet)?
  2. Where will secrets be stored and who has access?
  3. How does the 'wallet-provisioner' subagent obtain/fund ETH/gas — does it require your private key or will you provide funding manually?
  4. Where will the config file (.uniswap/agent-wallet.json) be written and what does it contain (avoid storing private keys there)?
  5. Can spending limits and token allowlists be enforced on-chain (preferred) rather than relying on agent-side enforcement?

If you cannot get clear, verifiable answers (ideally with explicit env var names and an audit of the provisioner), treat this skill as risky. For safe testing, use the Privy/dev mode on testnets with a throwaway funding account and never provide production private keys until you have audited the implementer and the delegated 'wallet-provisioner' agent.
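One way to answer the question about what .uniswap/agent-wallet.json contains, as an added example that is not part of the skill or of ClawHub's scanner: walk the JSON and flag anything that looks like key material. The sample field names and the name patterns are assumptions, because the page does not show the file's schema.

```python
import json
import re

# Assumed heuristics; the page does not document the config schema.
SECRET_NAME = re.compile(r"private.?key|secret|mnemonic|seed|api.?key", re.I)
ENV_REF = re.compile(r"^[A-Z][A-Z0-9_]*$")            # e.g. PRIVY_API_KEY: a reference, not a secret
HEX_32_BYTES = re.compile(r"^(0x)?[0-9a-fA-F]{64}$")  # private-key size (tx hashes match too: review hits)
MNEMONIC = re.compile(r"^([a-z]+ ){11,23}[a-z]+$")    # 12 to 24 lowercase words

def find_secrets(node, path="$"):
    """Return (json_path, reason) for each value that looks like key material."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            named = SECRET_NAME.search(key) and isinstance(value, str) and value
            if named and not ENV_REF.match(value):
                hits.append((child, "secret-like field name"))
            else:
                hits.extend(find_secrets(value, child))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_secrets(value, f"{path}[{i}]"))
    elif isinstance(node, str):
        if HEX_32_BYTES.match(node):
            hits.append((path, "32-byte hex value"))
        elif MNEMONIC.match(node):
            hits.append((path, "mnemonic-like phrase"))
    return hits

def audit_file(path):
    """Load a JSON config from disk and return its findings."""
    with open(path, encoding="utf-8") as fh:
        return find_secrets(json.load(fh))

# Constructed sample; every value is made up for this example.
SAMPLE = {
    "address": "0x1234567890abcdef1234567890abcdef12345678",  # 20 bytes: an address, not a key
    "provider": "privy",
    "limits": {"daily": "$1000/day", "perTx": "$500/tx"},
    "allowlist": ["USDC", "WETH", "UNI", "ARB"],
    "providerApiKeyEnv": "PRIVY_API_KEY",                     # env var name only
    "privyAppSecret": "constructed-not-a-real-secret",        # inline secret
    "funding": {"sourceKey": "0x" + "ab" * 32},               # 32-byte hex under a neutral name
}

if __name__ == "__main__":
    for where, why in find_secrets(SAMPLE):
        print(f"{where}: {why}")
```

An empty result does not prove the file is safe; it only means none of these heuristics fired.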

MIT-0

Set Up Agent Wallet

Overview

Provision and configure a wallet for autonomous Uniswap agent operations. Supports three wallet providers at different security tiers. Handles the full lifecycle: provision wallet, configure safety policies, fund for gas, and validate the setup.

When to Use

Activate when the user says:

  • "Set up a wallet"
  • "Configure agent wallet"
  • "Provision wallet"
  • "Initialize wallet"
  • "Set up a wallet for my agent"
  • "Create a new agent wallet"

Parameters

Extract these from the user's request:

| Parameter | Required | Default | Description |
| --- | --- | --- | --- |
| provider | No | privy | Wallet provider: privy (development), turnkey (production), or safe (maximum security) |
| chains | No | all | Chains to configure — chain names or "all" for all supported chains |
| environment | No | development | Either development or production |
| spendingLimit | No | $1000/day | Daily spending limit (e.g., "$1000/day", "$500/day") |

Provider Selection Guide

  • Privy: Best for development and testing. Fast setup, easy to manage. Not recommended for production with significant funds.
  • Turnkey: Production-grade key management with TEE (Trusted Execution Environment). Use for real trading with moderate funds.
  • Safe: Maximum security via multi-sig smart account. Use for high-value operations or institutional setups.

Workflow

  1. Parse user intent: Determine the wallet provider, target chains, environment, and spending limit from the user's request. Apply defaults for any unspecified parameters.

  2. Delegate to wallet-provisioner agent: Hand off the provisioning task with the extracted parameters. The agent handles the full setup pipeline:

    • Provision: Create the wallet via the selected provider's API
    • Configure policies: Set spending limits (per-tx and daily), token allowlists, and rate limits
    • Fund: Send gas tokens to the wallet on each requested chain
    • Validate: Confirm the wallet is operational by verifying balances and policy configuration

  3. Report results: Present the wallet setup summary to the user.

Agent Delegation

This skill delegates to the wallet-provisioner agent:

Task(subagent_type:wallet-provisioner)
  provider: <privy|turnkey|safe>
  chains: <chain list>
  environment: <development|production>
  spendingLimit: <daily limit>

The agent internally handles all provisioning steps and returns the final wallet configuration.

Output Format

Agent Wallet Configured

  Address:    0x1234...ABCD
  Provider:   Privy (development)
  Chains:     Ethereum, Base, Arbitrum
  Limits:     $1,000/day, $500/tx
  Allowlist:  USDC, WETH, UNI, ARB (4 tokens)
  Gas:        Funded on all 3 chains

  Config: .uniswap/agent-wallet.json

Error Handling

| Error | User-Facing Message | Suggested Action |
| --- | --- | --- |
| PROVIDER_AUTH_FAILED | "Could not authenticate with [provider]. Check API keys." | Verify provider credentials in environment variables |
| FUNDING_FAILED | "Could not fund wallet on [chain]. Insufficient source balance." | Fund the source wallet first |
| CHAIN_NOT_SUPPORTED | "[chain] is not supported by [provider]." | Choose a different chain or provider |
