ClawHub

Solidity Developer

v1.0.0

Implement secure Solidity smart contracts with tests and safety patterns.

0· 34·0 current·0 all-time
byMauricio Z. Filho@mzfshark

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mzfshark/axodus-solidity-dev.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Solidity Developer" (mzfshark/axodus-solidity-dev) from ClawHub.
Skill page: https://clawhub.ai/mzfshark/axodus-solidity-dev
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install mzfshark/axodus-solidity-dev

ClawHub CLI

Package manager switcher

npx clawhub@latest install axodus-solidity-dev
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and instructions align: the skill is an instruction-only Solidity development helper that focuses on secure patterns, tests, and validation. It does not request unrelated binaries, credentials, or system paths.
Instruction Scope
SKILL.md directives (clarify requirements, use OpenZeppelin, implement access control, write tests, run compile/test/static checks) stay within the stated purpose. The instructions do mention running tools (forge, hardhat, slither) but do not ask the agent to read unrelated files, exfiltrate secrets, or perform operations outside normal dev/test/build workflows.
Install Mechanism
No install spec and no code files — instruction-only skill. This is the lowest-risk install posture; the skill will rely on existing tooling in the agent environment rather than downloading or extracting code.
Credentials
No required environment variables, credentials, or config paths are declared. Safety rules explicitly prohibit embedding private keys or RPC secrets. The lack of requested secrets is proportionate to the stated functionality.
Persistence & Privilege
always:false and no config-path writes are declared. The skill does not request permanent presence or elevated privileges beyond normal autonomous invocation (the platform default).
Assessment
This skill is coherent and low-risk: it provides step-by-step guidance for writing and testing Solidity contracts and does not request secrets or install code. Before using it, verify the publisher (metadata shows inconsistent owner strings), and be aware that the agent may attempt to run local tooling (Hardhat/Foundry/Slither) if available — the skill will not itself install those tools. Never provide private keys, mnemonics, or RPC credentials to the agent; review any generated deployment commands and perform independent security audits and CI runs before deploying to testnet or mainnet.

Like a lobster shell, security has layers — review code before you run it.

devvk97d6s2w3xtrj556m5en00mfns85f1k0latestvk97d6s2w3xtrj556m5en00mfns85f1k0
34downloads
0stars
1versions
Updated 19h ago
v1.0.0
MIT-0
Mauricio Z. Filho@mzfshark
devlatest
Download

SKILL: solidity-dev

Purpose

Design and implement secure Solidity smart contracts with explicit security controls, tests, and deterministic build/validation steps.

When to Use

  • The task requires a new contract (ERC-20/721/1155) or extending an existing one.
  • You need secure patterns (access control, pausable, reentrancy protection).
  • You need Hardhat/Foundry test scaffolding.

Inputs

  • contract_spec (required, object|string): requirements, roles, invariants, events.
  • standard (optional, enum: erc20|erc721|erc1155|custom).
  • tooling (optional, enum: hardhat|foundry).
  • security_constraints (optional, string[]): e.g., “no upgradeability”, “pausable required”.
  • deployment_target (optional, string): local/testnet/mainnet (mainnet requires explicit user approval).

Steps

  1. Clarify requirements:
    • roles and permissions
    • asset flows
    • invariants (must always hold)
  2. Select proven libraries (prefer OpenZeppelin) and decide if upgradeability is required.
  3. Implement contract with explicit patterns:
    • access control (Ownable/AccessControl)
    • checks-effects-interactions for external calls
    • ReentrancyGuard where applicable
    • Pausable for emergency stop if appropriate
  4. Add events for critical state changes.
  5. Write tests that assert invariants and failure modes.
  6. Validate:
    • compile
    • run tests
    • run static checks when available (slither/foundry invariants) without blocking if tooling is absent.

Validation

  • No privileged method lacks access control.
  • External calls are safe (reentrancy considered).
  • Arithmetic uses Solidity 0.8+ safety; no unsafe casts without justification.
  • Tests cover:
    • happy path
    • access control denial
    • edge conditions
    • reentrancy-sensitive flows (where relevant)

Output

  • Contract source files (paths)
  • Test files (paths)
  • Build/validate commands
  • Security notes (assumptions + risk areas)

Safety Rules

  • Never embed private keys, mnemonics, or RPC secrets in code.
  • Never deploy to mainnet without explicit user confirmation and a dry-run on testnet/local first.
  • Avoid custom crypto unless unavoidable.
  • Reject “guaranteed profit” or manipulative tokenomics requirements.

Example

Input:

  • standard: erc20
  • contract_spec: “Mintable by MINTER_ROLE, pausable transfers, capped supply.”

Output:

  • contracts/MyToken.sol, test/MyToken.t.sol (or Hardhat equivalent)
  • validation: forge test (or npx hardhat test)

Comments

Loading comments...