ClawHub

Abi Toolchain

v1.0.1

ABI lifecycle management for smart contract projects. Use when your frontend is out of sync with contract changes, when you need to set up ABI generation in...

0· 98·0 current·0 all-time
by@old-greggyboy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe ABI lifecycle tooling and the included scripts (sync-abi.sh and abi-diff.js) implement exactly that functionality (extract ABIs from Foundry/Hardhat artifacts, write to frontend, and compare ABIs). Required resources and behavior are proportionate to the purpose.
Instruction Scope
SKILL.md and the scripts operate only on local build artifacts and repo paths and describe CI usage. They read .abi-sync or ABI_CONTRACTS, locate JSON artifacts under ABI_SOURCE, extract .abi and write JSON files to ABI_DEST. This is expected, but the scripts will overwrite files in the repo and accept names from .abi-sync/ABI_CONTRACTS without sanitization (e.g., a crafted entry like '../foo' could write outside the intended directory). Review .abi-sync entries and test in a branch before running.
Install Mechanism
No install spec (instruction-only with shipped scripts). No downloads or external installers; the scripts rely on common local tools (jq, python/node) with fallbacks, which is low-risk.
Credentials
No credentials or secret environment variables requested. The scripts accept optional environment variables (ABI_SOURCE, ABI_DEST, ABI_CONTRACTS) which are directly related to their function.
Persistence & Privilege
Skill is not marked always:true and does not request permanent agent-wide privileges. It does write files into the project workspace (expected for its purpose) but does not modify other skills or system-wide agent settings.
Assessment
This skill appears coherent and implements ABI sync/diff features as described. Before running it in a real repo: 1) Inspect scripts locally (they are included) to verify ABI_DEST and CONTRACTS are correct; 2) Back up or run in a feature branch — sync-abi.sh will overwrite files under ABI_DEST; 3) Check your .abi-sync lines (or ABI_CONTRACTS) for accidental path traversal or unexpected output names; 4) Ensure your CI runner has jq/node/python as needed; 5) If you plan to run this in CI, add a dry-run or commit checks so accidental overwrites are visible. If any part of your workflow requires stricter safety (e.g., preventing writes outside a subdirectory), add validation/sanitization around output names before using the script.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ep4s6x6jzknr2fp0df5crgn83gyp1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments