Uniswap V4

v2.0.4

Swap tokens and read pool state on Uniswap V4 (Base, Ethereum). Use when the agent needs to: (1) swap ERC20 tokens or ETH via Uniswap V4, (2) get pool info (price, tick, liquidity, fees), (3) find the best pool for a token pair, (4) quote expected swap output via the on-chain V4Quoter, (5) set up Permit2 approvals for the Universal Router, or (6) execute exact-input swaps with proper slippage protection. Supports Base and Ethereum mainnet, plus Base Sepolia testnet. TypeScript with strict types. Write operations need a private key via env var.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md align with the stated purpose (reading pool state, quoting, Permit2 approvals, and executing swaps). Requested credentials are proportional (PRIVATE_KEY only for write ops). However, the repository includes multiple auxiliary shell/Python scripts that require external tools (cast/foundry, python3, jq) which are not declared in the top-level 'required binaries' or metadata — this mismatch is unexpected but plausibly explained by providing legacy/auxiliary scripts alongside the TypeScript CLI.
Instruction Scope
SKILL.md instructs using the TypeScript entrypoints (npx tsx src/*.ts) and clearly limits private-key usage to env var for write operations. Nonetheless several included shell scripts (e.g., scripts/approve.sh, scripts/swap.sh, scripts/v4_read.py wrappers) invoke external binaries (cast) and pass the PRIVATE_KEY as a CLI argument to those binaries (e.g., --private-key "$PRIVATE_KEY"). Passing private keys as process arguments can expose them in process listings on the host. The presence of both modern TypeScript scripts and older shell/Python wrappers creates ambiguity about which code the agent will actually run; the shell wrappers also rely on default public RPC endpoints. The skill's runtime instructions do not clearly document this duality, which increases risk of accidental key exposure.
Install Mechanism
There is no remote download/install step in the skill metadata (instruction-only install); package.json and package-lock.json indicate normal npm dependencies (ethers, dev tooling). No arbitrary remote archives or shorteners are used. This is low risk from an install-mechanism perspective.
Credentials
The only sensitive environment variable used is PRIVATE_KEY for write operations, which is appropriate for a swap/transaction skill. RPC URL env vars are optional. That said, some scripts implicitly assume availability of foundry/cast and pass PRIVATE_KEY to cast as a CLI argument (see instruction_scope). The skill metadata declares node as required but does not declare cast/python/jq as required even though several scripts require them.
Persistence & Privilege
The skill does not request elevated or persistent platform privileges; always:false and the skill doesn't modify other skills or system-wide config. Autonomous invocation is enabled (normal for skills) but not combined with other high-risk signals.
What to consider before installing
This repo appears to implement the advertised Uniswap V4 functionality and only needs a PRIVATE_KEY for transactions, but review and a few precautions are necessary before using with real funds:

- Prefer the TypeScript entrypoints (npx tsx src/pool-info.ts, src/quote.ts, src/approve.ts, src/swap.ts) rather than the included shell wrappers. The SKILL.md emphasizes TypeScript usage; many shell scripts are legacy/auxiliary and rely on external tools.
- Inspect src/approve.ts and src/swap.ts to confirm they do not pass PRIVATE_KEY on the command line to external processes. If you must use the shell scripts, note they call 'cast' with --private-key "$PRIVATE_KEY", which can expose the key via process listings; avoid running those scripts with real keys.
- Use a secure signer when possible (hardware wallet, remote signer, or ephemeral key) rather than a long-lived raw private key in your shell environment.
- Supply your own trusted RPC endpoint (Alchemy/Alchemy-like) rather than public endpoints for sensitive operations; the repo notes public defaults but recommends paid providers for important work.
- If you plan to install into an automated agent, run the repository's security scan (node scripts/security-scan.mjs) and run unit/integration tests in a safe environment first. Confirm which script the agent will invoke (TypeScript vs. shell) and ensure the agent runtime has only the minimal required binaries.

If you want, I can: (1) inspect src/swap.ts and src/approve.ts specifically and report whether they risk leaking PRIVATE_KEY, or (2) produce a short checklist to safely run swaps (minimize key exposure, RPC selection, dry-run steps).


