Blast
v2.0.1Use when exploring Blast L2 chain features, understanding native yield mechanics, comparing gas costs, bridging assets, or discovering Blast ecosystem projec...
⭐ 0· 97·0 current·0 all-time
byBytesAgain2@ckchzh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the provided assets: SKILL.md documents Blast L2 use-cases and the included scripts/script.sh implements the listed commands (overview, yield, gas, bridge, ecosystem, help). Nothing requested (no env vars, no external binaries) is unrelated to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run the included local shell script (bash scripts/script.sh <command>) which only prints informational text. The instructions do not ask the agent to read arbitrary user files, access system credentials, or transmit data to external endpoints. URLs and addresses are printed for user reference only.
Install Mechanism
There is no install spec (lowest risk). However, the skill includes an executable shell script that the agent is expected to run. Executing bundled code is normal for instruction-only skills but the user should review the script before permitting execution. The script contains no downloads, extracts, or remote installers.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The script does not read environment variables or secret files. Credential/secret access is proportionate (none required).
Persistence & Privilege
always is false and the skill does not request persistent/system-level privileges. It does not modify other skills or agent configuration. Autonomous invocation is allowed by platform defaults but not elevated by this skill.
Assessment
This skill appears to be a benign, self-contained documentation helper that runs a bundled shell script to print information about the Blast L2 chain. Before installing or running it: (1) review scripts/script.sh yourself to confirm you’re comfortable executing it (it currently only prints text and contains no network calls or secret access); (2) never paste private keys or secrets into prompts when experimenting with bridging or RPC examples shown in the output; (3) verify any RPC URLs or contract addresses printed by the skill against official sources before using them in wallets or transactions; and (4) periodically re-check the skill if updates are published, since bundled scripts can change over time.Like a lobster shell, security has layers — review code before you run it.
latestvk975nnwa72qkbmq5n6r31zm70x83m5cm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.