ClawHub

Blockscout OpenAPI Skill

v1.0.0

Operate Blockscout explorer reads through UXC with a curated OpenAPI schema, instance-specific host selection, and read-first guardrails.

0· 130·1 current·1 all-time
by@jolestar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and included files (OpenAPI schema and usage docs) align with a read-only Blockscout explorer skill. The only runtime dependency the skill documents is the 'uxc' CLI and a target Blockscout host, which is appropriate for the described functionality.
Instruction Scope
SKILL.md confines runtime actions to linking/using the 'uxc' CLI and an OpenAPI-based 'blockscout-openapi-cli' command for read operations. It explicitly declares read-only guardrails and does not instruct the agent to read or exfiltrate unrelated local files or environment variables. It does assume network access and use of a GitHub raw URL for the schema.
Install Mechanism
There is no install spec (instruction-only), which is low risk. The repo includes a validate.sh script that requires jq and rg for local validation; this is a development/CI helper and not an installation of remote code. The skill does reference fetching a schema from raw.githubusercontent.com (a common release host) — understandable for a curated schema but worth auditing if you distrust that URL.
Credentials
The skill declares no required environment variables or credentials. It notes that protected/self-hosted instances may require auth managed via the caller's 'uxc auth' bindings, which is proportionate and keeps credentials out of the skill itself.
Persistence & Privilege
The skill does not request always: true, does not modify other skills, and uses the platform default (agent-invocable). It does not ask to write system-wide configuration beyond linking a command via 'uxc', which is consistent with its purpose.
Assessment
This skill appears coherent and read-only, but before installing: (1) ensure you trust the local 'uxc' CLI the skill expects to call (the skill delegates auth/requests to uxc); (2) verify the curated OpenAPI schema URL (raw.githubusercontent.com) if you have supply-chain concerns; (3) do not link the CLI to hosts you don't trust — linking binds the command to a target host and subsequent calls will query that host; (4) if you will target protected/self-hosted Blockscout instances, configure credentials via your own 'uxc auth' and avoid embedding secrets in skill files; (5) the included validate.sh is a harmless repo check but requires jq and ripgrep (rg) if you run it locally. If any of these assumptions are unacceptable, review or modify the SKILL.md and schema before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk974c33fyt5zh5nhp4kh6y30tn8330gt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments