Arbitrum Dapp Skill

Pass

Audited by ClawScan on May 10, 2026.

Overview

This is a coherent Arbitrum dApp development guide, but users should review the optional remote installer, install analytics, and any private-key/mainnet deployment steps before running them.

This skill appears purpose-aligned for Arbitrum development. Before installing, avoid running remote curl-to-bash commands without review or pinning, opt out of analytics if desired, and treat all private-key or mainnet deployment commands as high-impact actions requiring explicit confirmation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the remote repository changes, a user who follows the curl-to-bash command could run installer code that was not part of this review.

Why it was flagged

The documented quick start runs a remote script from an unpinned main branch, so the code executed at install time may differ from the reviewed package.

Skill content

bash <(curl -s https://raw.githubusercontent.com/hummusonrails/arbitrum-dapp-skill/main/install.sh)

Recommendation

Prefer the ClawHub/versioned install path when available, or inspect and pin the installer script before running it.

What this means

Using the wrong key, network, or contract can spend real funds and create irreversible on-chain transactions.

Why it was flagged

The deployment workflow uses a user's blockchain private key and can submit transactions to Arbitrum mainnet.

Skill content

cargo stylus deploy \
  --endpoint $ARBITRUM_ONE_RPC_URL \
  --private-key $PRIVATE_KEY

Recommendation

Use a dedicated low-balance deployer wallet, test locally and on Sepolia first, confirm the target network, and keep private keys out of committed files.

What this means

Running the installer will contact GoatCounter with an install-count request and normal network metadata unless the user opts out.

Why it was flagged

The installer sends a disclosed install-count event to an external analytics provider unless ARBITRUM_SKILL_NO_ANALYTICS is set.

Skill content

curl -s -X POST "https://arbitrum-dapp-skill.goatcounter.com/api/v0/count" ... --data '{"no_sessions": true, "hits": [{"path": "/install"}]}'

Recommendation

Set ARBITRUM_SKILL_NO_ANALYTICS=1 or remove the analytics curl command if you do not want install telemetry.