← Back to Skills Marketplace
801
Downloads
0
Stars
3
Active Installs
1
Versions
Install in OpenClaw
/install assess-risk
Description
Get an independent risk assessment for any proposed Uniswap operation — swap, LP position, bridge, or token interaction. Evaluates slippage, impermanent loss, liquidity, smart contract, and bridge risks with a clear APPROVE or VETO decision. Use when the user asks if something is safe or wants a risk evaluation.
README (SKILL.md)
Assess Risk
Overview
Provides an independent, multi-dimensional risk assessment for any proposed Uniswap operation. Delegates to the risk-assessor agent, which evaluates risk across 5+ dimensions and produces a composite score with a clear APPROVE, CONDITIONAL_APPROVE, VETO, or HARD_VETO decision.
The risk-assessor is a terminal node — it cannot be influenced by other agents. Its assessment is independent and objective, based solely on on-chain data.
When to Use
Activate when the user asks:
- "Is this trade safe?"
- "Risk assessment for swapping 100 ETH for USDC"
- "Should I LP in this pool?"
- "Evaluate the risk of swapping X for Y"
- "How risky is this pool?"
- "Is it safe to bridge tokens to Base?"
- "What's the risk of LPing with this token?"
- "Check if this token is safe to trade"
- "Risk check before I swap"
Parameters
| Parameter | Required | Default | How to Extract |
|---|---|---|---|
| operation | Yes | — | Natural language description of what the user wants to do |
| riskTolerance | No | moderate | "conservative", "moderate", "aggressive" |
The operation parameter is flexible — it can be:
- A swap: "swap 100 ETH for USDC on Ethereum"
- An LP action: "add $50K liquidity to WETH/USDC V3 0.05%"
- A bridge: "bridge 10 ETH from Ethereum to Base"
- A token check: "is PEPE safe to trade?"
- A pool check: "is the UNI/WETH pool risky?"
Workflow
-
Parse the operation from the user's request. Identify:
- Operation type: swap, add liquidity, remove liquidity, bridge, or token check
- Tokens involved
- Amounts
- Chain(s)
- Pool (if applicable)
-
Delegate to risk-assessor: Invoke
Task(subagent_type:risk-assessor)with the parsed operation details and risk tolerance. The agent evaluates:Dimension What It Checks Slippage Price impact for the trade size vs pool liquidity Impermanent Loss Expected IL based on pair volatility (LP operations only) Liquidity Can the position be exited? TVL vs position size ratio Smart Contract Pool age, Uniswap version, hook audit status (V4) Bridge Bridge mechanism reliability, liquidity (cross-chain only) -
Present the assessment clearly with per-dimension scores and a final decision.
Output Format
Risk Assessment
Operation: Swap 100 ETH for USDC on Ethereum
Risk Tolerance: Moderate
Decision: APPROVE
Risk Dimensions:
Slippage: LOW (0.3% price impact — sufficient liquidity)
Liquidity: LOW (TVL 250x trade size — deep pool)
Smart Contract: LOW (V3 pool, 18 months old, battle-tested)
Bridge: N/A (not a cross-chain operation)
Composite Risk: LOW
Conditions: None — safe to proceed
HARD VETO Checks:
✓ Verified tokens
✓ Pool TVL > $1,000
✓ Price impact \x3C 10%
For a VETO:
Risk Assessment
Operation: LP $50K into NEWTOKEN/WETH 0.3% V4 (Ethereum)
Risk Tolerance: Conservative
Decision: VETO
Risk Dimensions:
Slippage: MEDIUM (1.2% entry impact due to low liquidity)
Impermanent Loss: HIGH (>25% annual estimate — extremely volatile pair)
Liquidity: HIGH (TVL only 8x position size — exit risk)
Smart Contract: HIGH (V4 pool with unaudited hook contract)
Bridge: N/A
Composite Risk: HIGH (exceeds conservative tolerance)
Why VETO:
- Impermanent loss estimate exceeds 20% annually
- V4 hook contract is unaudited — elevated smart contract risk
- Position would represent 12% of pool TVL — concentration risk
Mitigations (if you still want to proceed):
- Reduce position size to \x3C 1% of pool TVL ($4,200)
- Use a wider range to reduce IL exposure
- Wait for hook contract audit
- Switch to risk tolerance "aggressive" (not recommended)
For a HARD VETO:
Risk Assessment
Operation: Swap 1000 ETH for SCAMTOKEN
Decision: HARD VETO (non-overridable)
HARD VETO Trigger: Unverified token contract
SCAMTOKEN (0x1234...5678) failed verification:
- Not on any verified token list
- Contract deployed \x3C 24 hours ago
- No trading history
This operation CANNOT proceed regardless of risk tolerance.
Hard vetoes protect against potential rug pulls and scam tokens.
Suggestion: Use "research-token SCAMTOKEN" to investigate further.
Important Notes
- The risk-assessor is a terminal, independent node. Its assessment cannot be overridden by other agents.
- HARD VETO decisions are non-negotiable — they trigger for: unverified tokens, pool TVL \x3C $1K, price impact > 10%, bridge amount exceeding bridge liquidity.
- This skill assesses risk but does not execute any operations. It's a "should I?" check before acting.
- For LP operations, IL risk is always evaluated alongside the other dimensions.
- When data is insufficient, the risk-assessor defaults to HIGH risk for the affected dimension rather than guessing.
Error Handling
| Error | User-Facing Message | Suggested Action |
|---|---|---|
| Cannot parse operation | "I need more details. What exactly are you planning?" | Ask user to describe the operation |
| Token not found | "Could not find token X." | Provide contract address |
| Pool data unavailable | "Cannot access pool data for risk analysis." | Try again later |
| Agent unavailable | "Risk assessor is not available." | Check agent configuration |
Usage Guidance
This skill appears to do what it says on the surface, but the runtime behavior is underspecified. Before installing or using it for high-value decisions, ask the maintainer these questions: (1) Which on-chain data sources and third-party APIs does the risk-assessor use (public RPCs, The Graph, Etherscan, token lists, audit DBs)? Provide explicit endpoints and privacy policies. (2) Does the subagent require API keys, RPC endpoints, or other secrets at runtime? If so, which ones and where must they be configured? (3) What exactly enforces a 'HARD VETO' — is that purely advisory text, or will the agent block actions or interact with your wallet/execution pipeline? (4) Can you see example assessments and logs showing the queries made (so you can verify no private data is exfiltrated)? If the answers are vague or require the agent to call arbitrary external URLs, avoid using it for real fund transfers or large positions until you have a clear trust model and can inspect what the subagent actually queries.
Capability Analysis
Type: OpenClaw Skill
Name: assess-risk
Version: 0.1.0
The skill 'assess-risk' is designed to provide independent risk assessments for Uniswap operations. It explicitly delegates to a 'risk-assessor' subagent, which is described as a 'terminal, independent node' that cannot be influenced by other agents. Crucially, the SKILL.md states that 'This skill assesses risk but does not execute any operations.' There is no evidence of prompt injection attempts, data exfiltration, malicious execution, or other harmful behaviors in the provided files. The installation instructions point to a GitHub repository, which is a standard distribution method and not indicative of malice within the skill bundle itself.
Capability Assessment
Purpose & Capability
Name and description match the instructions: the skill parses a proposed Uniswap operation and produces per-dimension risk scoring and an APPROVE/VETO decision. It delegates the actual evaluation to a 'risk-assessor' Task, which is consistent with being an instruction-only skill that doesn't ship code or request credentials. However, the SKILL.md does not document the data sources (public RPCs, The Graph, Etherscan, token lists, audit databases) or what external services the subagent will query, which is an important capability gap.
Instruction Scope
The instructions delegate all analysis to Task(subagent_type:risk-assessor) without constraints or a clear list of trusted data sources. 'On-chain data' and checks like 'hook audit status' or 'verified token lists' require external queries; the SKILL.md does not specify which endpoints, whether queries are to third-party APIs, or whether private keys, wallets, or local files will be accessed. The 'terminal node' and 'non-overridable HARD VETO' language is ambiguous — it describes agent behavior but doesn't technically prevent other agents or system policies from influencing outcomes. This vagueness grants broad runtime discretion to the subagent.
Install Mechanism
Instruction-only skill with no install spec and no code files. No on-disk install activity is required, which minimizes direct install-time risk.
Credentials
The skill declares no required environment variables or credentials, which aligns with the manifest. That said, the analysis it promises (RPC queries, token list lookups, audit checks, bridge liquidity checks) typically requires access to external APIs or RPC endpoints; the SKILL.md does not say whether those use public endpoints or require API keys (which are not declared). The absence of declared credentials is possibly legitimate, but it also leaves unclear whether the agent will prompt for, require, or attempt to access secrets at runtime.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not request writing to system config or other skills' settings in the spec, which is appropriate for a risk-checking skill.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install assess-risk - After installation, invoke the skill by name or use
/assess-risk - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release — provides independent, multi-dimensional risk assessment for Uniswap operations.
- Delivers risk assessments for swaps, LP positions, bridges, and token interactions.
- Evaluates risk across slippage, impermanent loss, liquidity, smart contract, and bridge dimensions.
- Outputs easy-to-read reports with per-dimension scores and clear APPROVE, CONDITIONAL_APPROVE, VETO, or HARD VETO decisions.
- Handles errors gracefully, guiding users to provide missing details or address issues.
- Operates as a terminal, objective node — all decisions are based solely on on-chain data.
Metadata
Frequently Asked Questions
What is Uniswap Assess Risk?
Get an independent risk assessment for any proposed Uniswap operation — swap, LP position, bridge, or token interaction. Evaluates slippage, impermanent loss, liquidity, smart contract, and bridge risks with a clear APPROVE or VETO decision. Use when the user asks if something is safe or wants a risk evaluation. It is an AI Agent Skill for Claude Code / OpenClaw, with 801 downloads so far.
How do I install Uniswap Assess Risk?
Run "/install assess-risk" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Uniswap Assess Risk free?
Yes, Uniswap Assess Risk is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Uniswap Assess Risk support?
Uniswap Assess Risk is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Uniswap Assess Risk?
It is built and maintained by wpank (@wpank); the current version is v0.1.0.
More Skills