Uniswap Rebalance Position
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for Uniswap rebalancing, but it asks an agent/subagent to make high-impact DeFi transactions and token approvals without clearly declaring or bounding wallet permissions and transaction safety limits.
Review this carefully before installing. It is not shown to be malicious, but it can affect real funds. Only use it with a wallet you control; verify the exact position ID, chain, token amounts, approval limits, slippage, and gas costs; and require wallet confirmation before any transaction is sent.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overbroad execution could close the wrong LP position, set unsafe token approvals, or reopen liquidity on unfavorable terms.
These are high-impact DeFi actions that can move assets and create token allowances. Although the skill asks for user confirmation, it does not specify transaction-level safety bounds such as approval caps, slippage limits, deadlines, or required wallet review.
The agent executes atomically: ... Collect fees from old position ... Remove 100% liquidity from old position ... Approve tokens for new position (if needed) ... Add liquidity at new range
Before using, require an exact transaction preview with chain, position ID, token amounts, approval amounts, slippage/deadline settings, gas, and a separate wallet confirmation for each transaction.
Users may not realize the skill needs authority to perform blockchain transactions and token approvals, not just read Uniswap position data.
The workflow implies wallet or delegated signing authority, but the provided registry metadata lists no primary credential, required environment variable, or capability tag explaining how that authority is obtained and limited.
d. Approve tokens for new position (if needed) ... e. Add liquidity at new range ... Returns: old position closed, fees collected, new position ID, new range, tx hashes
Declare the wallet/signing requirement explicitly and limit execution to the user-selected chain, wallet, position ID, and transaction parameters.
Position details and transaction intent may be passed to another agent component that performs the actual financial operations.
The skill hands execution to a separate liquidity-manager subagent. That is purpose-aligned, but the provided artifacts do not show the subagent's implementation or permission boundaries.
allowed-tools: [Task(subagent_type:liquidity-manager), ...] ... Step 3: DELEGATE TO LIQUIDITY-MANAGER
Use only with a trusted liquidity-manager subagent and confirm what data and permissions are shared with it.
A user may rely on a safety check that is not actually present in the provided skill artifacts.
The skill claims a safety-guardian validates each step, but the declared allowed tools list does not include a safety-guardian, and no supporting artifact is provided. In a financial workflow, unsupported safety claims can cause users to over-trust the automation.
f. Each step validated by safety-guardian
Do not rely on the safety-guardian claim unless the validator is installed, visible, and explicitly invoked; require human review of every proposed transaction.
