Uniswap Cross Chain Arbitrage
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for Uniswap arbitrage, but it defaults toward executing real cross-chain trades and does not clearly declare or bound the wallet/account authority and spending limits involved.
Before installing or invoking this skill, treat it as capable of affecting real crypto funds. Start with scan-only mode, set a strict maxAmount, verify the exact wallet and chains being used, and require explicit manual confirmation for every transaction.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked in execute mode, the agent could attempt cross-chain trades that spend funds, incur gas/bridge fees, or lose money through slippage or failed execution.
The skill is designed to execute financial transactions, defaults to execute mode, and does not show a default spending cap. The visible workflow includes user selection, but the artifacts do not clearly define hard approval, cap, or transaction-signing boundaries.
Task(subagent_type:cross-chain-executor) ... | maxAmount | No | -- | Maximum capital to deploy per opportunity ... | mode | No | execute | "execute" (full pipeline) or "scan"
Use scan-only mode by default, set an explicit maxAmount, and require manual review of every route, cost estimate, and wallet signature before execution.
A user may not clearly understand which wallet, account, or delegated authority the skill will use before it evaluates or attempts trades.
Reading an agent's Uniswap balance and performing cross-chain execution implies access to wallet/account privileges, while the supplied registry metadata declares no primary credential or required credential setup.
- mcp__uniswap__get_agent_balance ... This skill automates ... cross-chain execution via ERC-7683
Declare the exact wallet/account authority required, document whether any signing is manual or delegated, and limit the skill to a clearly selected wallet and spending allowance.
The reviewed package does not provide code for the referenced execution behavior, so users must trust the external source and runtime tools.
The README points to an external GitHub install source, while the reviewed artifact set contains only README.md and SKILL.md. This is normal for an instruction-only skill, but any external subagents or execution components are not reviewable here.
npx skills add https://github.com/wpank/Agentic-Uniswap/tree/main/.ai/skills/cross-chain-arbitrage
Install only from a trusted source and review any referenced subagents, MCP servers, or executor components before allowing trade execution.
Portfolio balances, trade candidates, and risk information may be exposed to configured subagents or provider tools during analysis and execution.
The workflow passes financial and portfolio context among multiple subagents and a Uniswap MCP tool. This is purpose-aligned for arbitrage, but the artifacts do not specify data boundaries between those components.
Task(subagent_type:opportunity-scanner) ... Task(subagent_type:risk-assessor) ... Task(subagent_type:cross-chain-executor) ... Task(subagent_type:portfolio-analyst) ... mcp__uniswap__get_agent_balance
Confirm which subagents and MCP servers receive account data, and avoid using sensitive wallets unless data handling and permissions are understood.