v0.1.0

Uniswap Research And Trade

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:33 AM.

Analysis

The skill is openly designed to research and trade on Uniswap, but it can execute real crypto trades after an agent-only approval and does not clearly scope the wallet or trading authority it needs.

Guidance: Install only if you are comfortable with an agent-mediated crypto trading workflow. Before use, confirm which wallet it can access, enforce low spend limits, require manual signing or final confirmation for every trade, and verify the referenced risk-assessor and trade-executor components.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
APPROVE         → Proceed to Step 4 ... (only if APPROVE or user confirms CONDITIONAL)

The workflow indicates that a normal approval proceeds to trade execution, while only conditional approval explicitly asks the user. That leaves real trade execution gated by the agent's own risk decision rather than a clear final user confirmation.

User impact: A mistaken or manipulated assessment could cause the agent to spend the user's funds in an irreversible crypto trade.
Recommendation: Require explicit user confirmation immediately before every trade, showing token, chain, amount, pay token, pool, slippage, fees, recipient, and maximum spend.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
allowed-tools:
  - Task(subagent_type:token-analyst)
  - Task(subagent_type:pool-researcher)
  - Task(subagent_type:risk-assessor)
  - Task(subagent_type:trade-executor)

The skill delegates critical analysis and the final trade to named subagents, including a trade-executor, but the provided package contains only README.md and SKILL.md, so the high-impact delegated components are not visible in the artifacts.

User impact: The actual behavior and safeguards of the agents that decide and execute trades may come from outside the reviewed artifact set.
Recommendation: Publish or reference the exact subagent definitions and versions, especially trade-executor and risk-assessor, and ensure they have independent review before installation.

Cascading Failures
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Each agent receives the accumulated findings from all prior agents. The risk-assessor doesn't just evaluate a swap in isolation -- it sees the token-analyst's liquidity warnings, the pool-researcher's depth analysis, and the exact trade size

The design intentionally propagates prior agent outputs into later decisions, and those decisions can lead to trade execution. Without a clear final human review, an upstream error can cascade into a financial action.

User impact: Bad token research, pool analysis, or context contamination could influence the risk gate and lead to an unintended trade.
Recommendation: Treat each upstream report as untrusted input, add independent deterministic checks for pool, token, slippage, and spend limits, and require user confirmation before execution.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: Medium | Status: Concern
metadata
Required env vars: none ... Primary credential: none ... Capability signals: No capability tags were derived.

For a skill whose documented workflow executes trades, the artifacts do not declare what wallet, account, signing credential, or delegated trading permission is required or how it is bounded.

User impact: Users may not understand which wallet or account authority the skill will use, what funds it can access, or how to limit that authority.
Recommendation: Declare the required wallet/trading capability and document strict limits such as allowed chains, maximum spend, signing approval flow, slippage caps, and whether every transaction requires user signing.