Uniswap Cross Chain Swap

Warn

Audited by ClawScan on May 10, 2026.

Overview

This looks like a Uniswap bridge skill, but it delegates real fund-moving execution to an unreviewed subagent without clearly requiring final user approval or declaring wallet permissions.

Review carefully before installing. Only use this if you can inspect and trust the cross-chain-executor subagent and the Uniswap/MCP wallet integration. Confirm every final quote, recipient, fee, slippage limit, and wallet transaction yourself before signing, and consider testing with very small amounts first.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A parsed request could lead to an irreversible cross-chain swap or bridge transaction without a clearly required final confirmation step.

Why it was flagged

The skill includes actual swap execution in the delegated workflow, but the instructions do not add a separate step to present the final quote, route, fees, recipient, and slippage to the user for explicit approval before funds are moved.

Skill content

The agent handles the full 7-step workflow: quote, risk assessment, safety check, execution, bridge monitoring, confirmation, and reporting.

Recommendation

Require explicit user confirmation after displaying the exact quote, route, source and destination chains, recipient, total fees, max slippage, and wallet account; never execute unless the user signs or approves the final transaction.

What this means

Users cannot tell which wallet/account authority the skill expects, how signing is controlled, or whether permissions are limited to the requested swap.

Why it was flagged

The skill's stated purpose requires acting on a user's wallet or account, but the metadata does not declare what wallet credential, account, signer, or permission boundary is used.

Skill content

Description: Execute a cross-chain token swap via Uniswap's bridge infrastructure ... Primary credential: none ... Required env vars: none

Recommendation

Declare the wallet/provider permissions and account scope, require user-controlled transaction signing, and document that private keys or session credentials are never read or stored by the skill.

What this means

Financial transaction details and recipient information may be handled by an unreviewed subagent, and that subagent is also responsible for execution.

Why it was flagged

The skill passes trade details and optional recipient information to another agent whose implementation, origin, permissions, and data-handling boundaries are not included in the supplied artifacts.

Skill content

Invoke `Task(subagent_type:cross-chain-executor)` with: - tokenIn, tokenOut, amount, sourceChain, destChain, slippage, recipient.

Recommendation

Include or reference the reviewed cross-chain-executor definition, document its permissions and data handling, and restrict what it can do with transaction parameters.