Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Uniswap Self Funding Setup

v0.1.0

Set up a complete self-funding agent lifecycle in one command. Orchestrates 5 agents to take an agent from zero to self-sustaining: provisions wallet, optionally deploys token with V4 pool, configures treasury management, registers identity on ERC-8004, and sets up x402 micropayments. Use when user wants to make their agent self-funding, earn and manage its own revenue, or configure autonomous agent operations end-to-end.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name and description match the SKILL.md: this is an orchestrator that chains five specialized subagents (wallet provisioning, token deployer, treasury manager, identity verifier, x402 configurator). Requesting no local binaries or installs is consistent for an instruction-only orchestrator. However, the skill performs on-chain economic operations (wallet creation, funding, token deploy, Uniswap V4 pool creation, locking LP tokens, configuring payments) that normally require private keys, provider/API credentials, and user confirmation — yet the skill declares no required credentials or config paths. That gap is notable but could be explained if those credentials are expected to be supplied/managed by the delegated subagents (Task(subagent_type:...)).
[!] Instruction Scope
SKILL.md orchestrates actions that move money and create on-chain assets (funding wallets, deploying tokens, bootstrapping liquidity, locking tokens). Allowed tools include Read, Write, Edit, Glob, Grep — broad filesystem access that is not scoped or justified in the document. The instructions imply the agent will persist and pass sensitive outputs (wallet addresses, private signing capabilities) between steps but do not specify how secrets are handled, whether private keys are ever read from disk, or whether explicit user confirmations are required before spending funds. There is also mention of Privy/Turnkey APIs and Uniswap operations but no explicit network endpoints or telemetry controls in the orchestration instructions.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is downloaded or written to disk by an installer. This is the lowest-risk install surface from a malware/download perspective.
[!] Credentials
The skill declares no required environment variables or primary credential, yet the workflow requires secret material (wallet keys, provider API keys) and will perform transactions that cost real funds. This mismatch is concerning: either (a) the subagents will request/manage credentials at runtime (plausible), or (b) the orchestrator will read secrets via its broad filesystem permissions. The allowed Read/Write/Glob/Grep permissions increase the risk that local secrets could be accessed without being declared. Also, no provenance or homepage is provided to verify where credential-handling logic lives.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent inclusion. The skill delegates work to subagents (Task(...)) which can run autonomously per platform defaults — that increases blast radius for any subagent that does have credential access, but autonomous invocation is the platform norm and not a standalone flag here.
What to consider before installing
This skill orchestrates real financial operations (creating wallets, funding them, deploying tokens, creating liquidity pools, and locking funds). Before installing or running it:

1) Verify the publisher/source (no homepage or upstream repo is provided here).
2) Understand where private keys and API credentials will be supplied and ensure you control them — do not allow the skill to read your local key files unless you audit how it stores/transmits them.
3) Expect real transactions and gas costs; run in dev/testnets first and confirm all steps manually before committing mainnet funds.
4) Ask how the delegated subagents handle signing and confirmations; require explicit user prompts for any on-chain spend.
5) Limit the skill's filesystem permissions if possible (avoid letting it Read/Glob your home/.ethereum, /.privy, or other credential directories).
6) If you need higher assurance, request the full code or an auditable implementation of each subagent and review how secrets are passed between steps.
