功能描述

Get an independent risk assessment for any proposed Uniswap operation — swap, LP position, bridge, or token interaction. Evaluates slippage, impermanent loss, liquidity, smart contract, and bridge risks with a clear APPROVE or VETO decision. Use when the user asks if something is safe or wants a risk evaluation.

使用说明 (SKILL.md)

Assess Risk

Name: Uniswap Assess Risk
Author: wpank

Overview

Provides an independent, multi-dimensional risk assessment for any proposed Uniswap operation. Delegates to the risk-assessor agent, which evaluates risk across 5+ dimensions and produces a composite score with a clear APPROVE, CONDITIONAL_APPROVE, VETO, or HARD_VETO decision.

The risk-assessor is a terminal node — it cannot be influenced by other agents. Its assessment is independent and objective, based solely on on-chain data.

When to Use

Activate when the user asks:

"Is this trade safe?"
"Risk assessment for swapping 100 ETH for USDC"
"Should I LP in this pool?"
"Evaluate the risk of swapping X for Y"
"How risky is this pool?"
"Is it safe to bridge tokens to Base?"
"What's the risk of LPing with this token?"
"Check if this token is safe to trade"
"Risk check before I swap"

Parameters

Parameter	Required	Default	How to Extract
operation	Yes	—	Natural language description of what the user wants to do
riskTolerance	No	moderate	"conservative", "moderate", "aggressive"

The operation parameter is flexible — it can be:

A swap: "swap 100 ETH for USDC on Ethereum"
An LP action: "add $50K liquidity to WETH/USDC V3 0.05%"
A bridge: "bridge 10 ETH from Ethereum to Base"
A token check: "is PEPE safe to trade?"
A pool check: "is the UNI/WETH pool risky?"

Workflow

Parse the operation from the user's request. Identify:
- Operation type: swap, add liquidity, remove liquidity, bridge, or token check
- Tokens involved
- Amounts
- Chain(s)
- Pool (if applicable)

Delegate to risk-assessor: Invoke Task(subagent_type:risk-assessor) with the parsed operation details and risk tolerance. The agent evaluates:

Dimension	What It Checks
Slippage	Price impact for the trade size vs pool liquidity
Impermanent Loss	Expected IL based on pair volatility (LP operations only)
Liquidity	Can the position be exited? TVL vs position size ratio
Smart Contract	Pool age, Uniswap version, hook audit status (V4)
Bridge	Bridge mechanism reliability, liquidity (cross-chain only)

Present the assessment clearly with per-dimension scores and a final decision.

Output Format

Risk Assessment

  Operation: Swap 100 ETH for USDC on Ethereum
  Risk Tolerance: Moderate
  Decision: APPROVE

  Risk Dimensions:
    Slippage:        LOW  (0.3% price impact — sufficient liquidity)
    Liquidity:       LOW  (TVL 250x trade size — deep pool)
    Smart Contract:  LOW  (V3 pool, 18 months old, battle-tested)
    Bridge:          N/A  (not a cross-chain operation)

  Composite Risk: LOW
  
  Conditions: None — safe to proceed

  HARD VETO Checks:
    ✓ Verified tokens
    ✓ Pool TVL > $1,000
    ✓ Price impact \x3C 10%

For a VETO:

Risk Assessment

  Operation: LP $50K into NEWTOKEN/WETH 0.3% V4 (Ethereum)
  Risk Tolerance: Conservative
  Decision: VETO

  Risk Dimensions:
    Slippage:        MEDIUM  (1.2% entry impact due to low liquidity)
    Impermanent Loss: HIGH   (>25% annual estimate — extremely volatile pair)
    Liquidity:       HIGH    (TVL only 8x position size — exit risk)
    Smart Contract:  HIGH    (V4 pool with unaudited hook contract)
    Bridge:          N/A

  Composite Risk: HIGH (exceeds conservative tolerance)

  Why VETO:
    - Impermanent loss estimate exceeds 20% annually
    - V4 hook contract is unaudited — elevated smart contract risk
    - Position would represent 12% of pool TVL — concentration risk

  Mitigations (if you still want to proceed):
    - Reduce position size to \x3C 1% of pool TVL ($4,200)
    - Use a wider range to reduce IL exposure
    - Wait for hook contract audit
    - Switch to risk tolerance "aggressive" (not recommended)

For a HARD VETO:

Risk Assessment

  Operation: Swap 1000 ETH for SCAMTOKEN
  Decision: HARD VETO (non-overridable)

  HARD VETO Trigger: Unverified token contract
  
  SCAMTOKEN (0x1234...5678) failed verification:
    - Not on any verified token list
    - Contract deployed \x3C 24 hours ago
    - No trading history

  This operation CANNOT proceed regardless of risk tolerance.
  Hard vetoes protect against potential rug pulls and scam tokens.

  Suggestion: Use "research-token SCAMTOKEN" to investigate further.

Important Notes

The risk-assessor is a terminal, independent node. Its assessment cannot be overridden by other agents.
HARD VETO decisions are non-negotiable — they trigger for: unverified tokens, pool TVL \x3C $1K, price impact > 10%, bridge amount exceeding bridge liquidity.
This skill assesses risk but does not execute any operations. It's a "should I?" check before acting.
For LP operations, IL risk is always evaluated alongside the other dimensions.
When data is insufficient, the risk-assessor defaults to HIGH risk for the affected dimension rather than guessing.

Error Handling

Error	User-Facing Message	Suggested Action
Cannot parse operation	"I need more details. What exactly are you planning?"	Ask user to describe the operation
Token not found	"Could not find token X."	Provide contract address
Pool data unavailable	"Cannot access pool data for risk analysis."	Try again later
Agent unavailable	"Risk assessor is not available."	Check agent configuration

安全使用建议

This skill appears to do what it says on the surface, but the runtime behavior is underspecified. Before installing or using it for high-value decisions, ask the maintainer these questions: (1) Which on-chain data sources and third-party APIs does the risk-assessor use (public RPCs, The Graph, Etherscan, token lists, audit DBs)? Provide explicit endpoints and privacy policies. (2) Does the subagent require API keys, RPC endpoints, or other secrets at runtime? If so, which ones and where must they be configured? (3) What exactly enforces a 'HARD VETO' — is that purely advisory text, or will the agent block actions or interact with your wallet/execution pipeline? (4) Can you see example assessments and logs showing the queries made (so you can verify no private data is exfiltrated)? If the answers are vague or require the agent to call arbitrary external URLs, avoid using it for real fund transfers or large positions until you have a clear trust model and can inspect what the subagent actually queries.

功能分析

Type: OpenClaw Skill Name: assess-risk Version: 0.1.0 The skill 'assess-risk' is designed to provide independent risk assessments for Uniswap operations. It explicitly delegates to a 'risk-assessor' subagent, which is described as a 'terminal, independent node' that cannot be influenced by other agents. Crucially, the SKILL.md states that 'This skill assesses risk but does not execute any operations.' There is no evidence of prompt injection attempts, data exfiltration, malicious execution, or other harmful behaviors in the provided files. The installation instructions point to a GitHub repository, which is a standard distribution method and not indicative of malice within the skill bundle itself.

能力评估

ℹ Purpose & Capability

Name and description match the instructions: the skill parses a proposed Uniswap operation and produces per-dimension risk scoring and an APPROVE/VETO decision. It delegates the actual evaluation to a 'risk-assessor' Task, which is consistent with being an instruction-only skill that doesn't ship code or request credentials. However, the SKILL.md does not document the data sources (public RPCs, The Graph, Etherscan, token lists, audit databases) or what external services the subagent will query, which is an important capability gap.

⚠ Instruction Scope

The instructions delegate all analysis to Task(subagent_type:risk-assessor) without constraints or a clear list of trusted data sources. 'On-chain data' and checks like 'hook audit status' or 'verified token lists' require external queries; the SKILL.md does not specify which endpoints, whether queries are to third-party APIs, or whether private keys, wallets, or local files will be accessed. The 'terminal node' and 'non-overridable HARD VETO' language is ambiguous — it describes agent behavior but doesn't technically prevent other agents or system policies from influencing outcomes. This vagueness grants broad runtime discretion to the subagent.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files. No on-disk install activity is required, which minimizes direct install-time risk.

ℹ Credentials

The skill declares no required environment variables or credentials, which aligns with the manifest. That said, the analysis it promises (RPC queries, token list lookups, audit checks, bridge liquidity checks) typically requires access to external APIs or RPC endpoints; the SKILL.md does not say whether those use public endpoints or require API keys (which are not declared). The absence of declared credentials is possibly legitimate, but it also leaves unclear whether the agent will prompt for, require, or attempt to access secrets at runtime.

✓ Persistence & Privilege

The skill does not request always:true and is user-invocable only. It does not request writing to system config or other skills' settings in the spec, which is appropriate for a risk-checking skill.

版本历史

v0.1.0

Initial release — provides independent, multi-dimensional risk assessment for Uniswap operations. - Delivers risk assessments for swaps, LP positions, bridges, and token interactions. - Evaluates risk across slippage, impermanent loss, liquidity, smart contract, and bridge dimensions. - Outputs easy-to-read reports with per-dimension scores and clear APPROVE, CONDITIONAL_APPROVE, VETO, or HARD VETO decisions. - Handles errors gracefully, guiding users to provide missing details or address issues. - Operates as a terminal, objective node — all decisions are based solely on on-chain data.

元数据

Slug assess-risk

版本 0.1.0

许可证 —

累计安装 3

当前安装数 3

历史版本数 1

常见问题

Uniswap Assess Risk 是什么？

Get an independent risk assessment for any proposed Uniswap operation — swap, LP position, bridge, or token interaction. Evaluates slippage, impermanent loss, liquidity, smart contract, and bridge risks with a clear APPROVE or VETO decision. Use when the user asks if something is safe or wants a risk evaluation. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 801 次。

如何安装 Uniswap Assess Risk？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install assess-risk」即可一键安装，无需额外配置。

Uniswap Assess Risk 是免费的吗？

是的，Uniswap Assess Risk 完全免费（开源免费），可自由下载、安装和使用。

Uniswap Assess Risk 支持哪些平台？

Uniswap Assess Risk 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Uniswap Assess Risk？

由 wpank（@wpank）开发并维护，当前版本 v0.1.0。

Uniswap Assess Risk