Chromia Skill
v0.1.0Guides AI agents through Chromia blockchain dApp development using the Rell language, Chromia CLI (chr), and Postchain nodes. Covers chromia.yml configuratio...
⭐ 1· 58·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the content: everything is about Chromia, Rell, chr, and Postchain clients. The only required binary (chr) is appropriate for the stated tasks; included references/docs align with the described features (FT4, ICCF, ICMF, Filehub, EIF, etc.).
Instruction Scope
The SKILL.md instructs agents to generate and read keypairs stored under ~/.chromia and to ask users to place private keys into a .env (e.g., ADMIN_PRIVKEY) and to cat ~/.chromia/<name>.pubkey. Those are legitimate deployment steps, but they involve handling sensitive files/secret material. The skill's runtime instructions therefore reference reading/writing local secret files and environment files — this is within scope for deployment workflows but increases sensitive-surface area and should be done carefully.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is the lowest-risk install model; nothing is downloaded or written by the skill itself.
Credentials
The registry metadata lists no required environment variables or config paths, yet the instructions explicitly tell the user/agent to read ~/.chromia key files and to store private keys in a .env variable (ADMIN_PRIVKEY). Requesting or handling private keys is expected for deployment, but the metadata could more clearly declare these config/secret requirements. No unrelated third-party credentials are requested.
Persistence & Privilege
always:false and no install-time persistence. The skill can be invoked autonomously by the agent (platform default), which is expected for skills; this is not combined with other privileged behavior.
Scan Findings in Context
[no_findings] expected: The regex-based scanner found nothing to analyze because this is an instruction-only skill; the security surface is the SKILL.md itself.
Assessment
This skill is a documentation/assistant for Chromia dApp development and is generally coherent with that purpose. Before using it: ensure the chr CLI you run comes from an official source; never paste your private keys into untrusted UIs or chats; follow the guide's advice to keep private keys in files (e.g., ~/.chromia/<name>) and to add any .env containing secrets to .gitignore, but consider using a dedicated secret manager instead of plaintext .env for production. Be aware the instructions expect the agent or you to read local key files (~/.chromia) — grant that access only when you trust the environment and the agent action. If you want stronger guarantees, ask for the skill's provenance or for an explicit declaration of the config paths / env vars it will access.Like a lobster shell, security has layers — review code before you run it.
latestvk977n7m2gam53jy136qqv2njr584js6h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
shield Clawdis
Binschr