Contract Deployer
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The package claims to be a local contract deployer but contains multiple inconsistencies and worrying signals (private-key handling, self-replication language, mismatched metadata) that you should review before installing or using it with real keys/funds.
Do not install or run this skill in a production environment or with real keys/funds until you've resolved the inconsistencies. Specific actions to consider before using:
1) Do not POST your private keys to this agent; prefer signing transactions locally in your own controlled tool instead.
2) Verify MERCHANT_BOT_URL is bound to a local, trusted service (http://localhost:8202) and cannot be set to a remote endpoint you don't control.
3) Inspect the full, untruncated contract_deployer_agent.py for any code that spawns other agents, makes agent-to-agent calls, or writes new skill files. The manifest's 'spawnable/a2a' fields and SKILL.md propagation language are a red flag.
4) Fix packaging issues: install.sh references a Dockerfile that is missing and the registry metadata should list required env vars if they are used.
5) If you still want to test, run the agent in an isolated VM or container with no access to keys/funds and with outbound network blocked except to trusted RPC endpoints to observe behavior.
6) Prefer a vetted, open-source deployer maintained by known parties; if you must use this code, get an independent code audit and a clear explanation from the author for the 'self-replicating' and 'Genesis Conductor' claims.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings for this skill version.
Risk analysis
No visible risk-analysis findings were reported for this release.
