Uniswap Setup Agent Wallet

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill has a coherent wallet-setup purpose, but it delegates crypto wallet creation and funding to an opaque subagent with unclear credential, funding, and approval boundaries.

Only use this after inspecting or trusting the wallet-provisioner subagent. Before running it, require an explicit plan showing provider, environment, chains, funding source, exact amounts, token allowlist, and spending limits. Use testnet or low-value funds first, scope/revoke provider credentials carefully, and verify that any .uniswap/agent-wallet.json file does not contain secrets.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could move funds into a new agent wallet or set spending authority more broadly than the user intended.

Why it was flagged

The skill combines broad defaults with a funding step; if the user omits details, the agent may configure and fund wallets across all supported chains without a documented approval checkpoint.

Skill content

Apply defaults for any unspecified parameters ... `chains` ... Default `all` ... `spendingLimit` ... Default `$1000/day` ... `Fund`: Send gas tokens to the wallet on each requested chain

Recommendation

Require explicit user confirmation for provider, environment, chains, mainnet/testnet, source wallet, exact funding amounts, token allowlists, and daily/per-transaction limits before any wallet creation or funding.

What this means

Over-scoped or wrong-environment credentials could let the agent act on real provider accounts or source funds when the user expected a limited setup.

Why it was flagged

The workflow requires provider API credentials and access to a funded source wallet, but the artifacts do not define credential names, scopes, funding authority, or environment separation.

Skill content

Provision: Create the wallet via the selected provider's API ... `PROVIDER_AUTH_FAILED` ... "Check API keys." ... `FUNDING_FAILED` ... "Insufficient source balance."

Recommendation

Declare required credentials and scopes, separate development and production keys, use least-privilege funding accounts, and require confirmation before using any credential or source wallet.

What this means

Provider credentials, wallet configuration, chain selections, and funding authority may be passed to another agent with unclear boundaries.

Why it was flagged

All sensitive wallet provisioning, policy configuration, and funding are delegated to a subagent whose implementation, permissions, data handling, and outputs are not included in the artifacts.

Skill content

allowed-tools: [Task(subagent_type:wallet-provisioner)] ... The agent internally handles all provisioning steps and returns the final wallet configuration.

Recommendation

Include and review the wallet-provisioner subagent, define a strict input/output schema, prohibit secret leakage in results, and gate high-impact actions with explicit user approval.

What this means

Future changes to the branch could alter what is installed compared with the reviewed artifacts.

Why it was flagged

The documented install path pulls from a mutable GitHub branch via npx; this is a common install pattern, but it does not pin the exact code revision.

Skill content

npx skills add https://github.com/wpank/Agentic-Uniswap/tree/main/.ai/skills/setup-agent-wallet

Recommendation

Prefer a pinned release or commit and verify the source before installing, especially for a skill that coordinates wallet and funding operations.