v0.1.0

Uniswap Manage Liquidity

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:33 AM.

Analysis

The skill is purpose-aligned for Uniswap liquidity management, but it can approve tokens and execute irreversible wallet transactions through subagents without clearly documented final approval or bounded permissions.

Guidance: Install only if you are comfortable letting the agent assist with real Uniswap wallet operations. Before using it, require manual review of every pool, token address, chain, amount, range, allowance, and transaction, and never approve unlimited or unclear wallet permissions.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
The liquidity-manager agent handles:
│   a. Check and execute token approvals (Permit2)
│   ...
│   e. Execute the transaction

The skill delegates token approvals and blockchain transaction execution to a subagent. These are high-impact financial operations, and the visible add-liquidity workflow does not clearly require a final user confirmation after all transaction details are selected.

User impact: The agent could move from a user’s general liquidity request to wallet approvals and on-chain transactions, which may be costly or irreversible if the selected pool, range, chain, amount, or allowance is wrong.
Recommendation: Require explicit final confirmation before every approval or transaction, showing chain, token addresses, pool address, fee tier, range, amounts, allowance, slippage, gas estimate, and revocation instructions.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
README.md
npx skills add https://github.com/wpank/Agentic-Uniswap/tree/main/.ai/skills/manage-liquidity

The README points users to an npx-based install from a remote GitHub path. This is a normal installation pattern and no malicious code is included in the provided artifacts, but the registry source is listed as unknown.

User impact: Users may install from a remote source whose provenance they have not independently verified.
Recommendation: Verify the repository owner and commit/version before installation, and prefer pinned or registry-verified sources when available.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
Verify wallet has sufficient token balances ... Check and execute token approvals (Permit2)

The workflow implies use of wallet/account authority and delegated token-spending permissions. The artifacts do not bound which wallet authority is used, how signing is approved, or whether allowances are limited by amount and expiry.

User impact: A wallet approval can grant spending permissions beyond the immediate transaction if not tightly scoped, potentially exposing funds to future misuse.
Recommendation: Document the wallet connection and signing model, use least-privilege allowances, avoid unlimited approvals, set expiry where possible, and require the user to approve each signature in their wallet.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Each action delegates to the `liquidity-manager` agent for execution, with optional `pool-researcher` delegation for intelligent pool selection.

The skill passes wallet-related liquidity details and execution decisions across subagents, but the artifacts do not define the subagents’ identities, permissions, data boundaries, or approval responsibilities.

User impact: Position details, amounts, pool choices, and transaction instructions may be handled by multiple agents without a clearly documented boundary for what each agent can see or do.
Recommendation: Specify each subagent’s allowed inputs, outputs, tools, and authority; keep execution authority separate from research; and require the top-level user confirmation before any subagent-submitted transaction.