Uniswap Portfolio Report
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is mainly a read-only Uniswap reporting helper, but it tells users to configure a crypto private key even though a portfolio report should only need a wallet address.
Before installing, treat this as a review-needed skill: it appears useful for Uniswap portfolio summaries, but do not configure a private key for a read-only report. Prefer supplying a public wallet address, and only use it if you trust and can verify the delegated portfolio-analyst agent.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may provide a private key when only read-only wallet analysis is needed, unnecessarily exposing authority over funds.
The skill is for generating a portfolio report, which should normally only require a public wallet address. Asking the user to configure a PRIVATE_KEY introduces control over crypto assets and is not declared in the metadata as a credential requirement.
Wallet not configured | "No wallet configured." | Set WALLET_TYPE + PRIVATE_KEY
Use a public wallet address for reporting. Do not provide a private key unless the skill has a clearly audited need to sign transactions, declares that credential requirement, and explains storage, scope, and safety controls.
Wallet addresses and portfolio details may be handled by a delegated agent whose behavior is not visible in this artifact set.
The skill sends the portfolio-analysis task to another agent. This is purpose-aligned, but the provided artifacts do not include that subagent's implementation, permissions, or data-handling behavior.
allowed-tools: [Task(subagent_type:portfolio-analyst)] ... Delegates entirely to `portfolio-analyst`
Verify the portfolio-analyst subagent before use, and provide only the wallet address and chain filters needed for the report.