Uniswap Swap Simulation
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user installs from the remote command, they are trusting the current contents of that remote source.
The README documents installing from a remote GitHub path via npx. This is a normal install pattern, but the path references a branch rather than a fixed commit, so users should verify the source they install.
npx skills add https://github.com/wpank/Agentic-Uniswap/tree/main/.ai/skills/uniswap-swap-simulation
Prefer the published registry version or verify/pin the GitHub source before installing.
For sensitive or large planned trades, quote requests could reveal trading intent to the RPC provider used for simulation.
The simulation examples use a blockchain client/RPC call with swap parameters. This is read-only and purpose-aligned, but an RPC provider may see the queried tokens and amounts.
import { createPublicClient, http, encodeFunctionData } from "viem"; ... const quote = await client.readContract({ ... args: [{ tokenIn, tokenOut, amountIn, fee, ... }] });Use a trusted or private RPC provider for sensitive simulations, as the skill itself also recommends for large swaps.