ClawHub

onchain contract token analysis

v1.0.0

Analyze smart contracts, token mechanics, permissions, fee flows, upgradeability, market risks, and likely attack surfaces for onchain projects. Use when rev...

0· 164·0 current·0 all-time
byRowan@0xrowan·duplicate of @0xrowan/onchain-contract-token-analysis
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and the SKILL.md all focus on auditing smart contracts, token mechanics, permissions, fee flows, upgradeability, and attack surfaces. Nothing requested (no env vars, no binaries, no installs) is unrelated to that purpose.
Instruction Scope
The runtime instructions ask the agent to inspect source/ABIs/addresses/deployment scripts and, when needed, verify live chain state via explorers or nodes. The skill does not instruct reading arbitrary host files or secrets, but it assumes the agent can access external chain data (explorer/node APIs) when required.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing is written to disk or fetched at install time.
Credentials
The skill declares no required environment variables or credentials. However, some usage paths (verifying live chain state) commonly require explorer/node API keys (e.g., Etherscan, Alchemy, Infura). That is reasonable, but such keys are not requested or enforced by the skill itself.
Persistence & Privilege
always is false and there is no install that modifies system or other skills. The skill does not request persistent presence or elevated privileges.
Assessment
This skill appears coherent for on‑chain contract/token audits and is low-risk as it asks for nothing upfront. Before installing or invoking it: (1) avoid providing private keys or wallet secrets — only share source code, ABIs, addresses, and read‑only explorer/API keys if needed; (2) prefer read‑only API keys (rate‑limited) for Etherscan/Alchemy/Infura rather than full node credentials; (3) understand the agent may make network requests to public explorers or nodes to verify live state; and (4) if you need the agent to perform on‑chain transactions or sign anything, treat that as out of scope and never provide signing keys to the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk9739ejp44d9gmcgdcz22ze6wd82tkaj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis

Comments