Ethereum JSON-RPC Skill
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent for read-only Ethereum RPC use, but it depends on UXC, a live remote schema, and optional subscription jobs that users should monitor and stop when done.
This appears safe for its documented purpose if you keep it to public read operations. Before installing or using it, make sure you trust the RPC endpoint and remote schema source, avoid signed transaction or admin/debug methods, and stop any subscription jobs after use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can make Ethereum RPC requests to the configured provider, which may reveal queried addresses or call details to that provider.
The skill directs the agent to create and use a UXC-backed CLI for Ethereum JSON-RPC calls. This is central to the skill purpose and is paired with read-only guardrails, but it is still external tool/API access that users should recognize.
`uxc link ethereum-jsonrpc-cli https://ethereum-rpc.publicnode.com --schema-url https://raw.githubusercontent.com/ethereum/execution-apis/assembled-spec/refs-openrpc.json`
Use a trusted RPC endpoint, inspect operation help first, and keep use to the documented read-only methods unless a separate review approves write or admin operations.
A changed remote schema could alter what the generated CLI exposes or how operations are described.
The command surface depends on a live remote OpenRPC schema rather than a bundled or commit-pinned schema. The source is official and purpose-aligned, but future schema changes could affect available help or operations.
`https://raw.githubusercontent.com/ethereum/execution-apis/assembled-spec/refs-openrpc.json`
Inspect generated help before use and consider pinning or caching a reviewed schema for repeatable workflows.
A subscription left running may continue using network resources and growing local log files.
The skill supports starting subscription jobs that continue writing events to local sink files until stopped. This is disclosed and purpose-aligned, with status and stop commands included.
`uxc subscribe start wss://<verified-ethereum-rpc-host> eth_subscribe ... --sink file:$HOME/.uxc/subscriptions/eth-new-heads.ndjson` ... `uxc subscribe stop <job_id>`
Start subscriptions only when needed, use narrow filters, monitor job status and file size, and stop jobs when finished.