ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Multicall

v1.0.0

Analyze multicall operations. Use when you need to understand multicall mechanisms, evaluate protocol security, or reference on-chain concepts.

0· 57·0 current·0 all-time
byBytesAgain2@ckchzh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (analyze multicall operations) matches the provided script behavior: a CLI for adding, listing, searching, exporting, and configuring local 'multicall' entries. The optional MULTICALL_DIR config is proportional and relevant.
Instruction Scope
SKILL.md only instructs running the included scripts/script.sh commands. The script reads/writes files under the configurable data directory and does not reference unrelated system paths, credentials, or network endpoints.
Install Mechanism
There is no install spec (instruction-only skill) and the included code is a plain shell script. No downloads, package installs, or remote resources are fetched during install.
Credentials
No required environment variables or credentials are declared. The script honors an optional MULTICALL_DIR env var to change the data directory; this is reasonable for a local CLI tool.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It will create and modify files under the user data directory (default ~/.multicall). This is expected behavior but means data written by the tool persists on disk and could contain sensitive contents if you add them.
Assessment
This skill is a simple local CLI implemented as a Bash script that stores its data in a user directory (default ~/.multicall). It does not contact external endpoints or request credentials. Before installing or running: (1) inspect the script yourself (it is included) to confirm you are comfortable with it creating/modifying files under the data directory; (2) avoid adding secrets to entries stored by the tool; (3) if you prefer, set MULTICALL_DIR to a controlled location; (4) note that the agent can invoke the skill when asked — the skill will then read/write the configured data files. If any of those behaviors are unacceptable, do not install or run the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97500gx180w80exhpzf3qtbm183b3zv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments