Uniswap Build Hook
Result: Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: build-hook
Version: 0.1.0

The `SKILL.md` file grants the AI agent access to powerful `Bash` tools, specifically `Bash(forge:*)`, `Bash(npm:*)`, and `Bash(git:*)`. While `forge` is directly relevant to the skill's stated purpose of Uniswap V4 hook development, the inclusion of `npm` and `git` provides broad capabilities for package installation, arbitrary script execution, and repository interaction. Even scoped to a command prefix, these grants present a significant attack surface for supply-chain attacks or data exfiltration if the agent is prompted maliciously. Additionally, the `SKILL.md` includes a `curl | bash` command as a suggested installation step for Foundry in its error handling; although intended for the user, it is a risky execution pattern that could be exploited via prompt injection if the agent misinterprets its instructions. There is no clear evidence of intentional malicious behavior within the provided files, but the broad permissions and potential for misuse classify this as suspicious.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may change files in the project and run build/dependency/version-control commands as part of the development workflow.
The skill can write and edit project files and run development commands. This is expected for generating contracts, tests, and deployment scripts, but users should be aware of the authority this gives the skill to modify the local project. A command-prefix scope also limits less than it appears: `npm install` runs package lifecycle scripts, `git` can push to any remote, and `forge test --ffi` (or `ffi = true` in `foundry.toml`) lets test code call `vm.ffi`, which executes arbitrary shell commands.
allowed-tools: >- Read, Write, Edit, Glob, Grep, Bash(forge:*), Bash(npm:*), Bash(git:*)
Use it in a clean branch or test project, review diffs, and approve important commands before relying on the generated output.
Project context and requirements may be passed to a separate hook-builder agent during use.
The skill explicitly hands the full task context to another agent. This is central to its design, but the subagent's own instructions and data boundaries are not included in the provided artifacts.
Invoke `Task(subagent_type:hook-builder)` with the full context.
Avoid including secrets in prompts or project context, and review the hook-builder subagent configuration if it is available in your environment.
If the user runs the suggested setup command, they are executing a remote installer on their machine.
The skill suggests a user-directed remote shell installer for Foundry when the tool is missing. It is not automatic, but it depends on trusting an external installation source.
Install: `curl -L https://foundry.paradigm.xyz | bash && foundryup`
Install Foundry using official instructions, verify the source, and avoid piping remote scripts to a shell unless you trust and understand them.
A user might over-trust generated smart-contract code and deploy it before adequate testing or audit.
The skill describes generated Solidity code as production-ready. Because Uniswap hooks can affect funds and protocol behavior, users should not treat this claim as a substitute for review and auditing.
Returns production-ready code artifacts written directly to the project.
Treat generated contracts and deployment scripts as drafts until they have been reviewed, tested, and audited for the intended financial use case.
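As an added example, and not ClawScan's or the skill's own code, the following Python script performs the kind of static, artifact-based capability check described in the findings above, run over a constructed `SKILL.md` assembled from the snippets quoted on this page. It splits the frontmatter, lists the `Bash(...)` grants, flags those outside the commands the skill's stated purpose needs (the `purpose_commands` set is the reviewer's judgement and an assumption here, defaulting to `forge`), and searches the text for a remote installer piped to a shell, a `Task(subagent_type:...)` handoff, and a production-ready claim. The frontmatter layout of the sample and the `parse_frontmatter`, `bash_grants`, `scan_skill` and `describe` names are assumptions made for this example; the real skill file is not reproduced on this page.

```python
import re

# Constructed sample SKILL.md, assembled from the snippets quoted in the
# findings above. The frontmatter layout is an assumption; the real file
# is not reproduced on this page.
SAMPLE_SKILL_MD = """---
name: build-hook
version: 0.1.0
allowed-tools: >-
  Read, Write, Edit, Glob, Grep, Bash(forge:*), Bash(npm:*), Bash(git:*)
---
# Uniswap Build Hook

Invoke `Task(subagent_type:hook-builder)` with the full context.

If forge is missing: Install: `curl -L https://foundry.paradigm.xyz | bash && foundryup`

Returns production-ready code artifacts written directly to the project.
"""

# One Bash grant of the form Bash(<command>:<argument pattern>).
BASH_GRANT = re.compile(r"Bash\((?P<cmd>[^:)]+):(?P<args>[^)]*)\)")
# curl/wget output piped straight into sh, bash or zsh.
REMOTE_INSTALLER = re.compile(r"\b(?:curl|wget)\s[^|`\n]*\|\s*(?:ba|z)?sh\b")
# Handoff of the task to a named subagent.
SUBAGENT_HANDOFF = re.compile(r"Task\(subagent_type:\s*([\w-]+)\)")
PRODUCTION_CLAIM = re.compile(r"production[- ]ready", re.IGNORECASE)


def parse_frontmatter(text):
    """Split a SKILL.md into (frontmatter dict, body).

    Minimal YAML handling: `key: value` lines plus folded/literal block
    scalars (`>-`, `|`) gathered from the indented lines that follow, which
    is enough for the `allowed-tools` layout quoted above. Not a YAML parser.
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        return {}, text
    meta, i = {}, 1
    while i < len(lines) and lines[i].strip() != "---":
        key, _, value = lines[i].partition(":")
        value = value.strip()
        i += 1
        if value in (">", ">-", "|", "|-"):
            parts = []
            while i < len(lines) and lines[i][:1] in (" ", "\t"):
                parts.append(lines[i].strip())
                i += 1
            value = " ".join(parts)
        meta[key.strip()] = value
    return meta, "\n".join(lines[i + 1:])


def bash_grants(allowed_tools):
    """Return [(command, argument_pattern)] for every Bash grant in the
    comma-separated allowed-tools value. A bare `Bash` or `Bash(*)` is
    recorded as ('*', '*'), i.e. an unrestricted shell."""
    grants = []
    for tool in (t.strip() for t in allowed_tools.split(",")):
        m = BASH_GRANT.fullmatch(tool)
        if m:
            grants.append((m.group("cmd"), m.group("args")))
        elif tool in ("Bash", "Bash(*)"):
            grants.append(("*", "*"))
    return grants


def scan_skill(text, purpose_commands=frozenset({"forge"})):
    """Report the capability signals the review above looks for.

    `purpose_commands` is the reviewer's judgement (an assumption here) of
    which shell commands the stated purpose actually needs; every other
    Bash grant is reported as broad. Static only: nothing is executed.
    """
    meta, _body = parse_frontmatter(text)
    grants = bash_grants(meta.get("allowed-tools", ""))
    return {
        "bash_grants": grants,
        "broad_bash": [cmd for cmd, _ in grants if cmd not in purpose_commands],
        "remote_shell_installer": [m.group(0) for m in REMOTE_INSTALLER.finditer(text)],
        "subagent_handoff": SUBAGENT_HANDOFF.findall(text),
        "production_ready_claim": bool(PRODUCTION_CLAIM.search(text)),
    }


def describe(report):
    """Turn a scan_skill() report into informational lines like those above."""
    notes = []
    if report["broad_bash"]:
        notes.append("Bash grants beyond the stated purpose: " + ", ".join(report["broad_bash"]))
    for cmd in report["remote_shell_installer"]:
        notes.append("Remote installer piped to a shell: " + cmd)
    for agent in report["subagent_handoff"]:
        notes.append("Full task context handed to subagent: " + agent)
    if report["production_ready_claim"]:
        notes.append("Generated code described as production-ready; treat it as a draft until audited")
    return notes


if __name__ == "__main__":
    for line in describe(scan_skill(SAMPLE_SKILL_MD)):
        print("-", line)
```

Running the script prints one line per signal found in the constructed sample. Pass a different `purpose_commands` set to `scan_skill` to record your own judgement of which commands the skill legitimately needs; as the finding above notes, a prefix grant such as `Bash(forge:*)` is not a hard boundary, so the output is a prompt for review rather than a verdict.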
