Uniswap Bridge Tokens

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill has a coherent token-bridging purpose, but it delegates irreversible fund-moving execution without clearly declaring wallet permissions or requiring explicit pre-execution user approval.

Only install or use this skill if you can verify the referenced cross-chain executor and are comfortable with it handling real token transfers. Before any bridge, require a final human confirmation showing the exact wallet, token addresses, chains, recipient, amount, fees, expected received amount, and transaction to be signed.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A parsed request could lead to an irreversible token bridge without the user seeing a final confirmation of amount, recipient, fees, route, or wallet transaction.

Why it was flagged

The skill hands off bridge execution to another agent, but the workflow does not explicitly require the user to review and approve the final transaction details before funds are moved.

Skill content

Delegate to cross-chain-executor ... The agent handles quoting, safety, execution, monitoring, and confirmation.

Recommendation

Require explicit user approval after the quote and before execution, especially for large amounts or 'all balance' requests. Show token addresses, chains, recipient, fees, route, expected output, and wallet signing details.

What this means

Users may not know which wallet/account will be used, what spending approvals are required, or what limits protect their assets.

Why it was flagged

The metadata does not declare how wallet, account, or spending authority is obtained or bounded, even though the skill’s workflow performs token bridge execution.

Skill content

Required env vars: none ... Env var declarations: none ... Primary credential: none

Recommendation

Declare the wallet or provider authority needed, describe the signing model and spending scope, and enforce least-privilege per-transaction consent.

What this means

Bridge details such as token, amount, chains, and recipient are passed to another agent that may also control transaction execution.

Why it was flagged

The skill relies on an external subagent for execution, but the artifact does not describe that subagent’s provenance, permissions, approval behavior, or data boundary.

Skill content

allowed-tools: [Task(subagent_type:cross-chain-executor), mcp__uniswap__getSupportedChains, mcp__uniswap__getTokenInfo]

Recommendation

Inspect and trust the cross-chain-executor separately, and document exactly what data and authority are passed to it.

What this means

A user might over-trust a bridge result if the safety label is shown without clear evidence of the checks performed.

Why it was flagged

The example output presents a strong safety label; for financial transactions, that label should be backed by transparent checks and user-reviewed transaction details.

Skill content

Risk: LOW | Safety: APPROVED

Recommendation

Only display safety labels when the exact checks, route, quote, and transaction parameters are available for user review.