ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Slither Audit

v0.4.0

Run slither static analysis on Solidity contracts. Fast, lightweight security scanner for EVM smart contracts.

0· 565·2 current·2 all-time
by@aviclaw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Slither static analysis) matches the included script and prompts. Minor inconsistency: the skill metadata lists no required binaries, but both SKILL.md and slither-audit.py expect a local 'slither' CLI to be installed (SKILL.md suggests 'pip install slither-analyzer'). This is expected for the stated purpose but the binary requirement is not declared in the metadata.
Instruction Scope
SKILL.md and detect.md clearly limit operations to local Solidity files and local analysis. The Python script only validates that the target path exists and runs the Slither binary; it does not read or transmit other system files, environment variables, or external endpoints. detect.md is an analysis prompt and does not introduce network calls.
Install Mechanism
There is no formal install spec in the registry (instruction-only). SKILL.md instructs the user to run 'pip install slither-analyzer' and then run the included script. That is a normal, low-risk approach but means installation of third-party packages happens outside the skill's manifest; users should verify the pip package source and version before installing.
Credentials
The skill requests no environment variables, credentials, or config paths. The script does not access secrets or unrelated environment state. The lack of credential requests is proportionate to a local static-analysis tool.
Persistence & Privilege
The skill does not request always: true, does not modify other skill configs, and has no persistent agent privileges. It runs only when invoked and performs local analysis.
Assessment
This skill appears to do what it claims: run Slither on local Solidity sources and produce a report. Before installing/using it: (1) install the Slither CLI (SKILL.md suggests 'pip install slither-analyzer') from a trusted source and confirm the correct package name and version; (2) be aware the script invokes the 'slither' subprocess on files you provide — running analysis on untrusted code carries the usual risks of executing third-party tools; (3) the skill's metadata does not declare the required 'slither' binary, so ensure the binary is available on PATH; (4) review the pip package and Slither project's repository for reputation and updates. If you need an explicit install in a controlled environment, prefer installing Slither in a virtualenv or sandbox before running this skill.

Like a lobster shell, security has layers — review code before you run it.

auditvk97bnsxrdcee7j2knmee17spyx81h8vjlatestvk9754s866j681832c6y12dks8s81gwpnsecurityvk97bnsxrdcee7j2knmee17spyx81h8vjsolidityvk97bnsxrdcee7j2knmee17spyx81h8vj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments