Uniswap Agent Otc Trade
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: agent-otc-trade
Version: 0.1.0
The skill is classified as suspicious due to its inherent high-risk capabilities involving direct on-chain financial transactions and identity verification, which, while aligned with its stated purpose, present significant potential for exploitation if underlying components are vulnerable. Specifically, the `SKILL.md` defines the use of powerful tools like `mcp__uniswap__execute_swap` and `mcp__uniswap__submit_cross_chain_intent` for asset transfers, and delegates to subagents (`Task(subagent_type:trade-executor)`, `Task(subagent_type:identity-verifier)`) using prompts that incorporate user-controlled parameters. Although the skill includes safety features like explicit user confirmation and identity checks, the reliance on these powerful tools and subagents, combined with the potential for prompt injection through unsanitized parameters, elevates the risk beyond benign. There is no clear evidence of intentional malicious behavior within the skill's instructions, but the critical nature of its operations warrants a suspicious classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or over-broad invocation could execute an unwanted trade, move tokens, create a cross-chain intent, or incur fees.
These tools can initiate token swaps and cross-chain settlement intents. Those actions can move assets and incur irreversible on-chain effects; the provided visible artifacts do not clearly bound execution with a required final approval, amount cap, chain cap, or signing boundary.
allowed-tools: ... mcp__uniswap__execute_swap ... mcp__uniswap__submit_cross_chain_intent
Require an explicit final confirmation immediately before any execution, including counterparty, token addresses, amounts, chain, quote, slippage, fees, and receiving address. Prefer wallet-level transaction prompts and spend limits.
Users may not understand which wallet or account the agent can trade from, what approvals are needed, or what limits protect their funds.
For a skill that can settle Uniswap trades, the artifacts do not declare what wallet, signer, account, or delegated authority is used. That makes the financial permission boundary unclear.
Required env vars: none ... Primary credential: none ... Capability signals: No capability tags were derived.
Declare the required wallet/signing mechanism and permission scope. Require per-transaction user approval and document supported chains, spend limits, and allowance handling.
Trade terms, counterparty identifiers, and settlement details may be exposed to counterparties or on-chain systems.
The skill’s purpose involves a counterparty agent and trade-term negotiation. This is disclosed and purpose-aligned, and ERC-8004 verification is a mitigating control, but users should still treat counterparty identity and trade terms as sensitive.
Facilitate over-the-counter trades between agents ... Verifies counterparty identity via ERC-8004, negotiates terms
Verify the counterparty independently when possible and avoid sharing unnecessary sensitive information during negotiation.
Financial history and counterparty relationships may persist beyond the immediate trade.
The skill describes a persistent audit or reputation history containing financial transaction details. This is relevant to the trading purpose, but storage, retention, and reuse boundaries are not visible in the provided excerpt.
Every OTC trade is recorded with counterparty identity, agreed terms, settlement transaction, and fees. This creates a verifiable history for reputation building
Confirm where trade records are stored, who can access them, and whether they can be deleted or limited.
A future change to the referenced repository path could alter what gets installed if users install from that source.
The README documents installation from an external GitHub branch path. This is common for skills, but a branch path is not pinned to a specific commit or release.
npx skills add https://github.com/wpank/Agentic-Uniswap/tree/main/.ai/skills/agent-otc-trade
Prefer installing from a trusted registry entry or a pinned commit/release, especially for a financial trading skill.
