Uniswap Rebalance Position
v0.1.0Rebalance an out-of-range Uniswap V3/V4 LP position by closing the old position and opening a new one centered on the current price. Handles fee collection, removal, range calculation, and re-entry in a single workflow. Use when a position is out of range and needs adjustment.
⭐ 0· 706·2 current·2 all-time
by@wpank
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description and the SKILL.md workflow are consistent: the skill reads Uniswap positions, calculates ranges, and performs fee-collection/removal/add operations. However README suggests an external GitHub install URL while the registry metadata lists 'source: unknown' and there is no install spec — an inconsistency the user should verify. The skill depends on a 'liquidity-manager' subagent (declared in allowed-tools) which plausibly implements transaction capabilities needed for the stated purpose.
Instruction Scope
SKILL.md explicitly instructs fee collection, approval of tokens, removal of liquidity, and adding a new position — all actions that require on‑chain transactions and signing. It delegates execution to a 'liquidity-manager' subagent but does not enumerate how approvals/signatures are obtained, where signing occurs, or what confirmation flow exists. It also references a 'safety-guardian' validator in execution steps, but 'safety-guardian' is not listed in allowed-tools — a mismatch that could hide an unchecked step or missing guard.
Install Mechanism
This is instruction-only (no install spec, no code files) so it doesn't drop code to disk. That is lower installation risk. That said, README includes explicit npx install commands pointing to a GitHub repo (https://github.com/wpank/Agentic-Uniswap/...), which contradicts the registry's 'no install' status; if you follow those instructions you will download external code — inspect that repo before running.
Credentials
The skill declares no required environment variables or credentials, yet its execution requires ability to sign/send transactions and approve tokens. The allowed 'liquidity-manager' subagent likely needs RPC endpoints, signer/private key access, or platform wallet permissions; none of this is documented. Absence of declared credentials is disproportionate to the described actions and creates ambiguity about where sensitive keys live and what will be used to sign txs.
Persistence & Privilege
always is false and there is no install or persistence. The skill does allow autonomous invocation per platform defaults, but that is normal. There is no evidence it modifies other skills or requests permanent system presence.
What to consider before installing
This skill appears to implement a plausible Uniswap V3/V4 rebalance workflow, but before installing or using it verify the following: (1) How and where are on‑chain transactions signed? Ask which signer/wallet (platform-managed wallet, hardware wallet, or private key) the 'liquidity-manager' will use and whether it requires explicit user approval for each tx. (2) Inspect the 'liquidity-manager' and any referenced 'safety-guardian' components (source code or platform permission descriptions). Do not provide private keys or secrets directly; prefer a signer that asks for user confirmation. (3) Confirm the provenance of the skill: README points to a GitHub repo but the registry shows no source — review that repo before running any install command. (4) If you expect this skill to act only on read-only data, demand explicit docs proving it will never sign transactions without an interactive approval. If you cannot verify these points, treat the skill as risky and avoid delegating wallet access to it.Like a lobster shell, security has layers — review code before you run it.
latestvk9707yfym8w5dyk6d62aaajean80wbrc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.