Uniswap Pool Analysis
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is aligned with read-only Uniswap pool analysis, with minor setup and provenance notes but no evidence of malicious or high-impact behavior.
This skill appears safe for read-only Uniswap analysis. Before installing, verify the source if using the GitHub npx command, prefer a pinned version, and provide only the RPC endpoint or API key you intend the agent to use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you provide an RPC endpoint or API key, the provider may see which chains and pool addresses are being queried.
The skill's example uses an RPC URL environment variable, which may embed a provider API key. This is purpose-aligned for on-chain reads, but it is not declared in the registry metadata.
transport: http(process.env.ETHEREUM_RPC_URL),
Use a trusted RPC provider, avoid exposing private endpoints unnecessarily, and prefer a clearly scoped environment variable declaration.
Installing from a moving branch could fetch different content later than what was reviewed here.
The README documents installation from a mutable GitHub branch via npx. This is user-directed and common for setup, but it is less reproducible than a pinned version or commit.
npx skills add https://github.com/wpank/Agentic-Uniswap/tree/main/.ai/skills/uniswap-pool-analysis
Install from ClawHub or a pinned commit/version when possible, and verify the source repository before installing.
The skill may not work as written outside its original repository, or an agent may look for local project config to resolve RPC and contract addresses.
The skill references a shared config path that is not included in the provided file manifest. This may be a documentation artifact from the source repo, but users should verify what config is being used.
Use the shared chain config from `packages/common/` to resolve:
Confirm the intended chain configuration source and review any local `packages/common/` config before relying on it.