Uniswap Build Hook
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is coherent for generating Uniswap V4 hook code, but users should review generated smart-contract code, project file changes, and the delegated subagent behavior before relying on it.
This appears safe to install for its stated purpose, but use it like a smart-contract code generator: work in a branch, review every file it writes, inspect commands before running them, do not include secrets in the prompt or project context, and have generated Uniswap hook code audited before deploying with real assets.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may change files in the project and run build/dependency/version-control commands as part of the development workflow.
The skill can write and edit project files and run development commands. This is expected for generating contracts, tests, and deployment scripts, but users should notice the local mutation authority.
allowed-tools: >- Read, Write, Edit, Glob, Grep, Bash(forge:*), Bash(npm:*), Bash(git:*)
Use it in a clean branch or test project, review diffs, and approve important commands before relying on the generated output.
Project context and requirements may be passed to a separate hook-builder agent during use.
The skill explicitly hands the full task context to another agent. This is central to its design, but the subagent's own instructions and data boundaries are not included in the provided artifacts.
Invoke `Task(subagent_type:hook-builder)` with the full context.
Avoid including secrets in prompts or project context, and review the hook-builder subagent configuration if it is available in your environment.
If the user runs the suggested setup command, they are executing a remote installer on their machine.
The skill suggests a user-directed remote shell installer for Foundry when the tool is missing. It is not automatic, but it depends on trusting an external installation source.
Install: `curl -L https://foundry.paradigm.xyz \| bash && foundryup`
Install Foundry using official instructions, verify the source, and avoid piping remote scripts to a shell unless you trust and understand them.
A user might over-trust generated smart-contract code and deploy it before adequate testing or audit.
The skill describes generated Solidity code as production-ready. Because Uniswap hooks can affect funds and protocol behavior, users should not treat this claim as a substitute for review and auditing.
Returns production-ready code artifacts written directly to the project.
Treat generated contracts and deployment scripts as drafts until they have been reviewed, tested, and audited for the intended financial use case.