Uniswap Execute Swap
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A prompt such as “swap X for Y” could lead the agent to submit a real token trade, not just show a quote, which can move funds and may be hard to reverse.
The skill explicitly frames financial trade execution as autonomous, but the workflow does not include a required final user confirmation before the swap is executed.
Handles quotes, safety checks, simulation, and execution autonomously.
Require a final explicit confirmation after displaying quote, route, gas, slippage, token addresses, chain, wallet/account, and maximum spend before any signing or broadcast.
Users cannot tell from the artifact which wallet, account, allowances, or signing permissions the skill or MCP server may use to execute trades.
The metadata does not declare wallet credentials or privileged account access, while the skill’s stated purpose is to execute swaps and check spending limits, leaving the actual signing/account authority unclear.
Required env vars: none; Primary credential: none; Capability signals: No capability tags were derived.
Declare the required wallet/auth model, supported accounts/chains, spending limits, approval requirements, and exactly what authority the MCP server receives.
The actual code that may quote, sign, route, or execute trades is outside the reviewed artifact set, so users must trust an additional unreviewed component.
The high-impact swap execution depends on an external MCP server package, but the reviewed skill contains no install spec, pin, lockfile, or included server implementation.
Repo: [`Agentic-Uniswap` MCP server](https://github.com/wpank/Agentic-Uniswap/tree/main/packages/mcp-server) - Package: `@agentic-uniswap/mcp-server`
Pin and document the MCP server version, provide installation/provenance details, and review the server’s wallet handling and transaction execution code before use.
Trade instructions and execution authority may pass to another agent component whose behavior and safeguards are not visible in this review.
The skill delegates high-impact trade execution to a named subagent that is not included in the artifacts, with no described identity, permission boundary, or approval protocol.
Delegate to trade-executor: Launch `Task(subagent_type:trade-executor)` with: tokenIn, tokenOut, amount, chain
Include or reference the reviewed trade-executor specification, define its permissions, and require the main agent to verify and confirm any transaction before execution.
