Uniswap Self Funding Setup
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: self-funding-setup
Version: 0.1.0

The skill is designed for high-privilege operations involving on-chain assets and financial transactions, including wallet provisioning, token deployment, and treasury management. While its stated purpose appears legitimate and includes some safety features, the `SKILL.md` grants the agent broad file system access tools (`Read`, `Write`, `Edit`, `Glob`, `Grep`) via its `allowed-tools` list. Although the skill's workflow only explicitly uses `Write` for specific, legitimate files, the unconstrained presence of `Read`, `Edit`, `Glob`, and `Grep` without explicit usage or path limitations in the workflow creates a significant vulnerability to prompt injection. A malicious user could potentially instruct the agent to misuse these tools for unauthorized data access or manipulation. The skill is therefore classified as 'suspicious': it has risky capabilities, but there is no clear malicious intent within the skill itself.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A broad request could lead to wallet funding, token deployment, liquidity setup, treasury rules, identity registration, and payment configuration with real financial or public blockchain effects.
This shows a broad multi-agent workflow that can make financial and on-chain changes. The provided artifacts do not show explicit approval gates, transaction review, or spending limits for each high-impact step.
“Orchestrates 5 specialized agents in sequence ... wallet, optional token, treasury management, on-chain identity, and payment acceptance -- in a single command.”
Require explicit user confirmation for each transaction and policy change. Use a test environment first, review generated addresses/contracts, and set hard spending and chain limits before any production run.

If the agent receives access to wallet credentials, provider accounts, or funds, mistakes or overbroad policies could put assets at risk.
The skill involves delegated wallet signing authority, funding, and spending-policy configuration. That is purpose-aligned, but the provided metadata declares no primary credential, env vars, or config paths, so the credential and funding boundaries are not clear.
“walletProvider ... privy (dev) / turnkey (production) / safe (max security)” and “Provision wallet with signing capabilities ... Configure spending policies ... Fund with gas (2x estimated need)”
Use dedicated low-balance wallets and least-privilege provider credentials. Confirm the exact funding source, wallet provider, permitted chains, daily spend limits, and revocation/backup process before use.

The visible skill may appear simple, while the actual wallet, token, treasury, and identity operations depend on other agents whose instructions and safeguards are not shown here.
The skill delegates the important work to named subagents. The provided package contains only README.md and SKILL.md, so the behavior and provenance of those high-impact subagents cannot be reviewed from these artifacts.
“allowed-tools: - Task(subagent_type:wallet-provisioner) - Task(subagent_type:token-deployer) - Task(subagent_type:treasury-manager) - Task(subagent_type:identity-verifier)”
Review and install the referenced subagents from trusted sources before using this composite skill, especially for production wallets or real funds.

A mistake in an early wallet, token, or configuration step could affect later treasury, identity, and payment setup, and some completed blockchain actions may not be reversible.
The workflow intentionally chains outputs across stages and preserves earlier changes after later failures. For on-chain financial setup, that can leave partial, persistent infrastructure if a later step fails or a bad parameter propagates.
“Each agent receives the output of all prior agents” and “If Step 3 fails, Steps 1 and 2 are still valid and preserved.”
Use staged execution with dry runs and checkpoints. Confirm every intermediate address, contract, chain, and policy before allowing the next stage to proceed.
