Modern Ethereum & EVM Developer
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: eth-dev Version: 1.0.0 The OpenClaw AgentSkills bundle is benign. It provides comprehensive, up-to-date, and security-conscious documentation and code examples for Ethereum dApp development. Crucially, the `wallets`, `orchestration`, and `security` skills contain extensive and explicit warnings against common vulnerabilities and malicious practices (e.g., 'NEVER COMMIT SECRETS TO GIT', 'CRITICAL Guardrails for AI Agents', reentrancy, oracle manipulation), offering defensive code patterns and checklists. There is no evidence of prompt injection designed to subvert the agent, obfuscation, or intent for data exfiltration or unauthorized execution; all commands and external links are legitimate and aligned with secure blockchain development.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent fetches those files, it may rely on content that was not included in this review.
The skill directs the agent to fetch external SKILL.md files from a remote domain. This is aligned with a modular documentation skill, but those remote instructions are not pinned in the reviewed artifact and may change later.
For individual topics, fetch any of these directly: ... https://ethskills.com/why/SKILL.md ... https://ethskills.com/security/SKILL.md
Treat remotely fetched skill files as unreviewed content unless the user explicitly approves them; prefer pinned or reviewed copies for sensitive work.
A user could accidentally allow an agent with wallet access to spend funds, sign transactions, or interact with contracts without enough review.
The skill discusses autonomous Ethereum payments and agent transactions. This is purpose-aligned educational content, but it would become high-impact if combined with wallet/signing tools or real funds.
Agent calls endpoint → gets 402 → signs EIP-3009 payment → retries with payment header ... Fully autonomous economic loop — no humans required.
Use testnets or isolated wallets for development, set spending limits, and require explicit user confirmation before any real transaction, deployment, or payment.