Uniswap Pool Analysis
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: uniswap-pool-analysis Version: 0.1.0 The skill bundle is designed for analyzing Uniswap pool data using standard blockchain interaction libraries (viem). All code snippets and instructions are aligned with the stated purpose of querying on-chain data. There is no evidence of malicious intent, such as data exfiltration, unauthorized execution, persistence mechanisms, or prompt injection attempts to manipulate the agent into harmful actions. The use of `process.env.ETHEREUM_RPC_URL` is a standard and necessary practice for configuring blockchain RPC endpoints and is not misused.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you provide an RPC endpoint or API key, the provider may see which chains and pool addresses are being queried.
The skill's example uses an RPC URL environment variable, which may embed a provider API key. This is purpose-aligned for on-chain reads, but it is not declared in the registry metadata.
transport: http(process.env.ETHEREUM_RPC_URL),
Use a trusted RPC provider, avoid exposing private endpoints unnecessarily, and prefer a clearly scoped environment variable declaration.
Installing from a moving branch could fetch different content later than what was reviewed here.
The README documents installation from a mutable GitHub branch via npx. This is user-directed and common for setup, but it is less reproducible than a pinned version or commit.
npx skills add https://github.com/wpank/Agentic-Uniswap/tree/main/.ai/skills/uniswap-pool-analysis
Install from ClawHub or a pinned commit/version when possible, and verify the source repository before installing.
The skill may not work as written outside its original repository, or an agent may look for local project config to resolve RPC and contract addresses.
The skill references a shared config path that is not included in the provided file manifest. This may be a documentation artifact from the source repo, but users should verify what config is being used.
Use the shared chain config from `packages/common/` to resolve:
Confirm the intended chain configuration source and review any local `packages/common/` config before relying on it.