Uniswap Agent Otc Trade
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Uniswap OTC trading skill, but it exposes irreversible token-swap and cross-chain settlement tools without a clearly declared wallet or approval boundary in the provided artifacts.
Only install or use this skill if you are comfortable with an agent helping prepare and potentially execute Uniswap trades. Before any settlement, require a human-readable transaction preview and a wallet-level confirmation, verify the counterparty address, confirm token contract addresses and chains, and use wallet spend limits where possible.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or over-broad invocation could execute an unwanted trade, move tokens, create a cross-chain intent, or incur fees.
These tools can initiate token swaps and cross-chain settlement intents. Those actions can move assets and incur irreversible on-chain effects; the provided visible artifacts do not clearly bound execution with a required final approval, amount cap, chain cap, or signing boundary.
allowed-tools: ... mcp__uniswap__execute_swap ... mcp__uniswap__submit_cross_chain_intent
Require an explicit final confirmation immediately before any execution, including counterparty, token addresses, amounts, chain, quote, slippage, fees, and receiving address. Prefer wallet-level transaction prompts and spend limits.
Users may not understand which wallet or account the agent can trade from, what approvals are needed, or what limits protect their funds.
For a skill that can settle Uniswap trades, the artifacts do not declare what wallet, signer, account, or delegated authority is used. That makes the financial permission boundary unclear.
Required env vars: none ... Primary credential: none ... Capability signals: No capability tags were derived.
Declare the required wallet/signing mechanism and permission scope. Require per-transaction user approval and document supported chains, spend limits, and allowance handling.
Trade terms, counterparty identifiers, and settlement details may be exposed to counterparties or on-chain systems.
The skill’s purpose involves a counterparty agent and trade-term negotiation. This is disclosed and purpose-aligned, and ERC-8004 verification is a mitigating control, but users should still treat counterparty identity and trade terms as sensitive.
Facilitate over-the-counter trades between agents ... Verifies counterparty identity via ERC-8004, negotiates terms
Verify the counterparty independently when possible and avoid sharing unnecessary sensitive information during negotiation.
Financial history and counterparty relationships may persist beyond the immediate trade.
The skill describes a persistent audit or reputation history containing financial transaction details. This is relevant to the trading purpose, but storage, retention, and reuse boundaries are not visible in the provided excerpt.
Every OTC trade is recorded with counterparty identity, agreed terms, settlement transaction, and fees. This creates a verifiable history for reputation building
Confirm where trade records are stored, who can access them, and whether they can be deleted or limited.
A future change to the referenced repository path could alter what gets installed if users install from that source.
The README documents installation from an external GitHub branch path. This is common for skills, but a branch path is not pinned to a specific commit or release.
npx skills add https://github.com/wpank/Agentic-Uniswap/tree/main/.ai/skills/agent-otc-trade
Prefer installing from a trusted registry entry or a pinned commit/release, especially for a financial trading skill.
