ClawHub

onchain contract token analysis

v1.0.0

Analyze smart contracts, token mechanics, permissions, fee flows, upgradeability, market risks, and likely attack surfaces for onchain projects. Use when rev...

0· 170·0 current·0 all-time
byRowan@0xrowan·duplicate of @0xrowan/onchain-contract-token-analysis
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (onchain contract/token analysis) matches the SKILL.md content: the workflow, checks, and output format are all focused on smart-contract/token security and economics. There are no unrelated environment variables, binaries, or install steps requested that would be inappropriate for this purpose.
Instruction Scope
The instructions explicitly tell the agent to inspect source files, addresses, ABIs, deployment scripts, and docs and to verify state with current chain/explorer data when needed. This is coherent for a contract review, but it implies the agent will access repository files and external chain/explorer endpoints. The skill does not instruct the agent to read unrelated system files, but users should be aware that providing repo files or explorer credentials may expose sensitive data.
Install Mechanism
There is no install spec and no code files—this is instruction-only. That minimizes on-disk risk because nothing is downloaded or executed by the skill itself.
Credentials
The skill requests no environment variables or credentials, which is proportionate. However, the guidance expects access to live chain/explorer data; in practice you may need to provide read-only RPC endpoints or explorer API keys to get current state. Do not provide private keys or write-capable credentials; only supply minimal, read-only access if required.
Persistence & Privilege
always is false and there is no install or modification of other skills or system configuration. The skill can be invoked autonomously by the agent (default behavior) but that is normal and not excessive for this type of skill.
Assessment
This skill is an instruction-only analyzer for smart contracts and is internally consistent with that purpose. Before using it: (1) do not paste or provide private keys or write-capable RPC credentials—only provide read-only RPC or explorer API keys if necessary; (2) be aware the agent may read any source files, ABIs, or deployment scripts you give it, so avoid including unrelated sensitive files; (3) validate any high-impact findings yourself on-chain or via a trusted block explorer; (4) if you need to keep reviews private, run the agent in an isolated environment or provide a minimal, curated set of files and read-only chain access. If you want higher assurance, ask for the exact external endpoints the skill will query (explorer names or RPC hosts) before supplying credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c2mmcdah36tg566fkr941ss82tc9w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis

Comments