onchain contract token analysis
v1.0.0
Analyze smart contracts, token mechanics, permissions, fee flows, upgradeability, market risks, and likely attack surfaces for onchain projects. Use when rev...
by Rowan @0xrowan
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and detailed SKILL.md all focus on analyzing smart contracts, token mechanics, permissions, fee flows, upgradeability, and attack surfaces. There are no unrelated environment variables, binaries, or install steps requested that would be disproportionate to this purpose.
Instruction Scope
The instructions correctly describe how to analyze source/ABIs, trace flows, and check upgradeability. They ask the agent to infer scope from files, addresses, ABIs, deployment scripts, or docs and to verify live chain/explorer data when needed — which is appropriate for the task but means the agent may perform network queries or read repository files to collect context. The SKILL.md does not instruct reading unrelated system files or exfiltrating secrets.
Install Mechanism
No install spec or code files are present; this is instruction-only, so nothing is written to disk or downloaded during install.
Credentials
The skill requests no environment variables or credentials. In practice, useful runtime checks (node/provider APIs, explorer APIs) might require keys that are not declared here — this is not inherently malicious but means the agent or user may need to supply third‑party API keys outside the skill manifest.
Persistence & Privilege
always is false and the skill is user‑invocable. It does not request persistent system presence or modify other skills' configurations.
Assessment
This skill is coherent and appears to only guide the agent on how to analyze on‑chain contracts. Before installing or enabling it: (1) confirm your agent's network and repository file access policies — the skill expects the agent may fetch live chain/explorer data and read repo files for ABIs/deployment scripts; (2) do not provision unrelated credentials (AWS, generic secrets) to the agent just to accommodate the skill — if you need explorer/provider APIs, supply only the specific API keys you trust; (3) treat the skill's findings as heuristics: it warns against calling things malicious without code evidence, so manual verification against on‑chain data and source code is still advised.
Like a lobster shell, security has layers — review code before you run it.
latest: vk971fqqp5tng7jn9ag3yenwaqn82rzjh
Runtime requirements
🔍 Clawdis
