Ethereum Wingman
v0.1.0Ethereum development tutor and builder for Scaffold-ETH 2 projects. Triggers on "build", "create", "dApp", "smart contract", "Solidity", "DeFi", "Ethereum", "web3", or any blockchain development task. ALWAYS uses fork mode to test against real protocol state.
⭐ 2· 1.8k·5 current·5 all-time
by@jp4g
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The declared purpose (Scaffold-ETH 2 / forked local testing) matches the instructions and scripts, but the package metadata declares no required binaries or env vars while the SKILL.md and scripts clearly assume Node (npx), yarn, Foundry/cast/anvil, and an RPC URL. Also the skill's files and setup scripts reference different authors/repos (metadata lists BuidlGuidl; setup script and README text reference austintgriffith and other names), creating provenance inconsistencies.
Instruction Scope
Instructions direct the agent/user to create projects, run local forks, enable interval mining, impersonate whale accounts, and manipulate local node state (setBalance, impersonateAccount) — all reasonable for fork testing but intrusive. There are contradictory steps: SKILL.md explicitly says 'DO NOT run yarn chain' (use yarn fork) while scripts/init-project.sh prints a 'Next steps' flow that includes 'yarn chain'. The setup script will create a .cursorrules symlink in the working directory, which modifies user disk state. The SKILL.md references tools/files not included (e.g., cursor MCP tools, tools/testing/frontend-testing.md).
Install Mechanism
No remote install/downloads or archive extraction are specified (instruction-only with helper scripts), so there is no high-risk install mechanism. The included shell scripts are simple automation helpers and greps; nothing in the files downloads or executes code from untrusted network locations.
Credentials
The skill declares no required environment variables, yet the instructions and examples reference $RPC_URL (anvil --fork-url $RPC_URL) and call out tools that need unlocked nodes and possibly local credentials. The scripts assume developer toolchain presence (npx, yarn, cast, anvil) but don't declare them. No secrets are explicitly requested, but the mismatch between declared and actual requirements is a red flag — you should not provide RPC keys or private keys until you validate the source.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. However, the setup script will create/overwrite a .cursorrules symlink in the current working directory, which is persistent on disk. The skill does not modify other skills' configs or request permanent agent-wide presence, but you should expect local filesystem changes when running its setup scripts.
What to consider before installing
Before installing or running this skill: 1) Verify origin and author (metadata claims BuidlGuidl but scripts reference austintgriffith and other names). 2) Inspect the scripts locally (init-project.sh, check-gotchas.sh, setup-cursor.sh) and run them in a sandboxed directory — do not run them in a production repo or your home directory. 3) Ensure you have the required toolchain (Node/npm or npx, yarn, Foundry tools: anvil/cast, and a fork RPC URL) and do not paste private keys or production RPC secrets into examples until you trust the source. 4) Resolve contradictory guidance (e.g., 'DO NOT run yarn chain' vs init script suggestions) with the author or by examining the Scaffold-ETH docs. 5) If you plan to use the cursor setup, be aware it will create/overwrite a .cursorrules symlink in the current directory. If you cannot confirm the skill's provenance or fix the metadata inconsistencies, treat it as untrusted and avoid running scripts that alter node state or impersonate accounts.Like a lobster shell, security has layers — review code before you run it.
latestvk97b3yg9gg64be45a45c9ych3d801gp6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.