Uniswap Batch Swap
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is coherent for Uniswap batch trading, but it can initiate multiple real token swaps through a delegated executor without clearly requiring final user approval for each irreversible trade.
Review this carefully before installing. If you use it, connect only a limited wallet, verify daily limits, and require the agent to show and wait for your approval of every chain, token address, amount, quote, slippage/minimum output, gas estimate, and transaction before execution.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misunderstood or wrongly parsed batch request could cause multiple real, likely irreversible token swaps before the user has reviewed each leg.
The workflow directs the agent to call a trade-executing subagent for each swap. It does not explicitly require a displayed final quote, token address verification, slippage/min-output review, fee review, or user approval before the executor is launched.
3. **Sequential execution**: For each swap: - Launch `Task(subagent_type:trade-executor)` with swap parameters - Wait for confirmation before starting next swap
Require an explicit user confirmation step for the full batch and each leg, including chain, token contract addresses, amounts, slippage/minimum received, estimated gas, total spend, and stop conditions.
The connected wallet or agent account context may expose balances and be used to spend assets through the executor.
The skill reads trading balance/account state and depends on account-level spending limits. This is expected for a swap skill, but it is sensitive financial authority.
Verify total spending within daily limits and sufficient balance for all swaps using `check_safety_status` and `get_agent_balance`.
Use a limited wallet/account, confirm daily limits are configured, and avoid connecting accounts with assets you do not intend the agent to trade.
If invoked in a broader context, the agent may have more local file access than is necessary for a token-swap workflow.
The skill declares local file read/search tools even though the documented batch-swap workflow only needs user-provided swap parameters and Uniswap tooling.
allowed-tools: >- Read, Glob, Grep, Task(subagent_type:trade-executor), mcp__uniswap__check_safety_status, mcp__uniswap__get_agent_balance
Remove Read/Glob/Grep unless the skill has a documented need to read user-selected local trade-plan files.
Installing from a changing branch could install different content later than what was reviewed here.
The README shows a user-directed install from a mutable GitHub branch via npx. This is not malicious by itself, but provenance and version pinning are not shown in the artifact.
npx skills add https://github.com/wpank/Agentic-Uniswap/tree/main/.ai/skills/batch-swap
Prefer a pinned release, commit hash, or trusted registry package before installing, especially for financial-trading skills.