Arbitrum Dapp Skill

Opinionated guide for building dApps on Arbitrum using Stylus (Rust) and/or Solidity. Covers local devnode setup, contract development, testing, deployment, and React frontend integration with viem. Use when starting a new Arbitrum project, writing Stylus or Solidity contracts, deploying to Arbitrum, or building a frontend that interacts with Arbitrum contracts.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 1.6k · 1 current installs · 1 all-time installs

by@hummusonrails

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The name/description (Arbitrum dApp guidance for Stylus/Solidity + frontend) align with the included README, SKILL.md, and reference docs. Required environment/config fields are none and the files only recommend standard dev env variables (PRIVATE_KEY, ARBISCAN_API_KEY) you would expect for deployments. There are no unrelated credentials, binaries, or operations requested that would be disproportionate to a dApp development guide.

ℹ

Instruction Scope

SKILL.md and references describe running local devnode (docker), Foundry, cargo-stylus, and frontend code; they instruct use of PRIVATE_KEY and ARBISCAN_API_KEY for deployments (standard). The docs include the nitro-devnode's pre-funded deployer private key in references/local-devnode.md — this is the expected, well-known local-dev key but must never be reused on testnet/mainnet. The Next.js proxy example POSTs RPC traffic server-side (intended to solve CORS) — normal for local development. No instructions ask the agent to access unrelated host files or to exfiltrate secrets.

ℹ

Install Mechanism

There is no platform install spec; the repository includes a small install.sh that clones the GitHub repo into ~/.claude/skills and sends a single analytics POST to a goatcounter endpoint. Cloning from GitHub is expected. The analytics POST includes a visible Authorization Bearer token in the script; this appears to be a tracking token for counting installs (opt-out supported via ARBITRUM_SKILL_NO_ANALYTICS). Running arbitrary install scripts fetched over the network (README suggested curl|bash) carries the usual risk—review the script before executing.

✓

Credentials

The skill declares no required environment variables or credentials. The documentation recommends using PRIVATE_KEY, RPC URLs, and ARBISCAN_API_KEY for deploying/verifying contracts — all are proportionate to a deployment guide. The only explicit private key present in the repo is the nitro-devnode's pre-funded local key (intended for local testing).

✓

Persistence & Privilege

always is false and the skill does not request persistent system-wide privileges. The installer writes only to the user skill directory (~/.claude/skills) and does not modify other skills or system config. The skill is user-invocable and can be invoked autonomously by the agent (platform default) — not flagged on its own.

Assessment

This skill looks coherent with its purpose (Arbitrum dApp guidance). Before installing: 1) Inspect install.sh (it does a git clone and posts a single analytics hit to arbitrum-dapp-skill.goatcounter.com; set ARBITRUM_SKILL_NO_ANALYTICS=1 to opt out). 2) Avoid running curl | bash from unknown sources unless you reviewed the script. 3) Treat the private key shown in references/local-devnode.md as a local-dev key only — never use it on testnet/mainnet. 4) If you want extra caution, manually clone the GitHub repo, review files, and install only after confirming nothing unexpected is present (no hidden network exfiltration or privileged actions).

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.1.0

Download zip

latestvk977qqnvtz1jzts8vshjvcwkbn80ggen

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Arbitrum dApp Development

Stack

Layer	Tool	Notes
Smart contracts (Rust)	`stylus-sdk` v0.10+	Compiled to WASM, runs on Stylus VM
Smart contracts (Solidity)	Solidity 0.8.x + Foundry	Standard EVM path on Arbitrum
Local node	`nitro-devnode`	Docker-based local Arbitrum chain
Contract CLI	`cargo-stylus`	Check, deploy, export-abi for Stylus
Contract toolchain	Foundry (`forge`, `cast`, `anvil`)	Build, test, deploy, interact for Solidity
Frontend	React / Next.js + viem + wagmi	viem for all chain interaction
Package manager	pnpm	Workspace-friendly, fast

Decision Flow

When starting a new contract:

Need max performance / lower gas? → Stylus Rust. See references/stylus-rust-contracts.md.
Need broad tooling compatibility / rapid prototyping? → Solidity. See references/solidity-contracts.md.
Hybrid? → Use both. Stylus and Solidity contracts are fully interoperable on Arbitrum.

Project Scaffolding

Monorepo layout (recommended)

my-arbitrum-dapp/
├── apps/
│   ├── frontend/            # React / Next.js app
│   ├── contracts-stylus/    # Rust Stylus contracts
│   ├── contracts-solidity/  # Foundry Solidity contracts
│   └── nitro-devnode/       # Local dev chain (git submodule)
├── pnpm-workspace.yaml
└── package.json

Bootstrap steps

# 1. Create workspace
mkdir my-arbitrum-dapp && cd my-arbitrum-dapp
pnpm init
printf "packages:\n  - 'apps/*'\n" > pnpm-workspace.yaml

# 2. Local devnode
git clone https://github.com/OffchainLabs/nitro-devnode.git apps/nitro-devnode
cd apps/nitro-devnode && ./run-dev-node.sh && cd ../..

# 3a. Stylus contract
cargo stylus new apps/contracts-stylus

# 3b. Solidity contract
cd apps && forge init contracts-solidity && cd ..

# 4. Frontend
pnpm create next-app apps/frontend --typescript
cd apps/frontend
pnpm add viem wagmi @tanstack/react-query

Core Workflow

Stylus Rust

# Validate
cargo stylus check --endpoint http://localhost:8547

# Deploy (uses the nitro-devnode pre-funded deployer account)
cargo stylus deploy \
  --endpoint http://localhost:8547 \
  --private-key $PRIVATE_KEY

# Export ABI for frontend consumption
cargo stylus export-abi

Solidity (Foundry)

# Build
forge build

# Test
forge test

# Deploy locally (uses the nitro-devnode pre-funded deployer account)
forge script script/Deploy.s.sol --rpc-url http://localhost:8547 --broadcast \
  --private-key $PRIVATE_KEY

Note: The nitro-devnode ships with a pre-funded deployer account. See references/local-devnode.md for the default private key and address. For testnet/mainnet, use your own key via environment variables — never hardcode secrets.

Frontend (viem + wagmi)

import { createPublicClient, http } from "viem";
import { arbitrumSepolia } from "viem/chains";

const client = createPublicClient({
  chain: arbitrumSepolia,
  transport: http(),
});

// Read from contract
const result = await client.readContract({
  address: "0x...",
  abi: contractAbi,
  functionName: "myFunction",
});

See references/frontend-integration.md for full patterns with wagmi hooks, wallet connection, and write transactions.

Principles

Always use viem for chain interaction.
Test locally first against nitro-devnode before deploying to testnet.
Export ABIs from both Stylus (cargo stylus export-abi) and Solidity (forge inspect) and keep them in a shared location the frontend can import.
Use environment variables for RPC URLs, contract addresses, and private keys. Never hardcode secrets.
Stylus contracts are EVM-compatible — they share the same address space, storage model, and ABI encoding as Solidity contracts. Cross-contract calls work seamlessly.

References

Load these as needed for deeper guidance:

references/stylus-rust-contracts.md — Stylus SDK patterns, storage, macros, entrypoints
references/solidity-contracts.md — Solidity on Arbitrum specifics and Foundry workflow
references/frontend-integration.md — React + viem + wagmi patterns
references/local-devnode.md — Nitro devnode setup, accounts, and debugging
references/deployment.md — Deploying to testnet and mainnet
references/testing.md — Testing strategies for both Stylus and Solidity

Files

12 total

Select a file

Select a file to preview.

Comments

Loading comments…