Blockchain
v1.0.0Understand blockchain technology, interact with smart contracts, and evaluate when distributed ledgers solve real problems.
⭐ 3· 1.8k·20 current·20 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (blockchain fundamentals, smart contract interaction, evaluation) match the included content: conceptual notes, developer patterns, evaluation framework, and security guidance. All files (concepts.md, dev.md, evaluation.md, security.md) are coherent with the stated purpose and do not request unrelated capabilities.
Instruction Scope
The SKILL.md and dev.md contain concrete code snippets for reading and writing contracts and reference real-world operations (RPC client, wallet.writeContract). As an instruction-only skill it does not itself run code, but the developer examples imply actions that require network/RPC endpoints and signing keys. Importantly, the dev.md snippet references process.env.RPC_URL even though the skill declares no required env vars — instructions therefore reference runtime configuration not declared in the metadata. This is a documentation mismatch that could confuse less technical users into supplying credentials in the wrong place.
Install Mechanism
No install/spec is present (instruction-only). This is the lowest-risk model: nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables or credentials, which is appropriate for an educational/instruction-only skill. However, dev.md demonstrates use of process.env.RPC_URL (an RPC endpoint) and implicitly requires wallet signers for write operations. The skill does not request or require any secrets in its metadata, so there is no immediate credential demand — but users following the instructions to perform writes will need to supply RPC endpoints and keys externally. This is reasonable for a developer guide, but callers should be careful not to paste seed phrases or private keys into chat or untrusted environments.
Persistence & Privilege
always:false and no install means the skill does not request persistent presence or elevated platform privileges. disable-model-invocation is false (normal); the skill being user-invocable and allowed to be invoked autonomously is the platform default and not concerning here, given the low-scope, read-only metadata.
Assessment
This skill is an educational/developer guide and appears to be what it says. It does not request secrets or install code. Two practical cautions: (1) dev.md shows examples that use process.env.RPC_URL and wallet clients; if you run those examples you will need an RPC endpoint and a signer — never paste seed phrases or private keys into chat or into places you don't control, and prefer hardware wallets or ephemeral keys. (2) The SKILL.md metadata declares no environment variables while examples reference RPC_URL; treat that as a documentation gap and confirm where you should store configuration before running any code. If you plan to let an agent perform transactions automatically, make sure you understand how keys are provided and never give full-control credentials to an automated skill.Like a lobster shell, security has layers — review code before you run it.
latestvk975wrysd89vc883ehcm2kdhv58107gz
License
MIT-0
Free to use, modify, and redistribute. No attribution required.