onchain contract token analysis

v1.0.0

Analyze smart contracts, token mechanics, permissions, fee flows, upgradeability, market risks, and likely attack surfaces for onchain projects. Use when rev...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name and description (contract/token security analysis) match the SKILL.md instructions. The guidance asks the agent to inspect contracts, ABIs, deployment scripts, addresses, and explorers — all logically required for onchain security reviews. There are no unrelated env vars, binaries, or install steps.
Instruction Scope
The instructions correctly direct the agent to inspect source, ABIs, deployment scripts, docs, and onchain state via explorers or chain queries when needed. This is appropriate for the task, but it does mean the agent will want access to workspace files and to query external blockchain explorers or RPC endpoints. The SKILL.md does not instruct the agent to read unrelated system files or environment secrets, and it cautions about not overclaiming conclusions.
Install Mechanism
No install spec or code is present (instruction-only). This is the lowest-risk install profile since nothing is written to disk or automatically fetched.
Credentials
The skill declares no required environment variables, credentials, or config paths. For its stated purpose, that is proportionate: onchain reads can be performed with public addresses and verified sources. There is no request for private keys, node credentials, or unrelated service tokens.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent or elevated platform privileges. Autonomous invocation remains allowed by default (normal for skills) but is not combined with additional red flags.
Assessment
This skill is a checklist-style onchain audit and appears internally consistent. Before using it, avoid supplying private keys, wallet seed phrases, or RPC credentials — the skill doesn't need those. Prefer providing public contract addresses, verified source code, ABIs, and any relevant deployment metadata. Expect the agent to query public chain explorers or RPC endpoints to verify onchain state; if you have privacy concerns, restrict access to private repositories or endpoints. If you do not want the skill invoked autonomously by the agent, disable model invocation in the agent settings.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

🔍 Clawdis
