ClawHub

onchain contract token analysis

v1.0.0

Analyze smart contracts, token mechanics, permissions, fee flows, upgradeability, market risks, and likely attack surfaces for onchain projects. Use when rev...

0· 184·0 current·0 all-time
byRowan@0xrowan·duplicate of @0xrowan/onchain-contract-token-analysis
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (contract/token analysis) match the SKILL.md content. All guidance focuses on onchain artifacts (contracts, ABIs, deployment scripts, addresses, fee flows, roles, upgradeability), so there are no unrelated capabilities requested.
Instruction Scope
The instructions are scoped to analyzing onchain code, roles, fee flows, upgradeability, attack surfaces, and market risks. They ask the agent to infer scope from provided files/ABIs/addresses and to verify live state from chain or explorer data when needed — which is appropriate for this task. The skill does not instruct reading unrelated local files, environment secrets, or posting data to unexpected external endpoints.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes disk writes and arbitrary code execution risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. The analysis workflows mention using public chain/explorer data, which is consistent with not requesting secrets.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request elevated or persistent privileges or to modify other skills or system settings.
Assessment
This skill appears coherent and low‑risk because it is instruction-only and requests no secrets or installs. Before using it, provide concrete, public inputs (contract source or verified address, chain, ABIs, explorer links) and avoid pasting private keys or any non-public credentials. If you expect the agent to query block explorers or RPC nodes, consider giving read‑only RPC/Explorer API access (if required by your environment) rather than any secret admin keys. Finally, treat the analysis as advisory: always cross-check critical claims against source code and on‑chain state yourself or with an auditor.

Like a lobster shell, security has layers — review code before you run it.

latestvk972srtj963kxzaa8x6drjh0kd82v3xy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis

Comments