Setup Cairo Contracts
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent and purpose-aligned, but users should verify the remote installer before running the setup command.
This skill appears safe for its stated purpose. Treat the remote installer command like any development toolchain install: verify the URL, understand that it may change your local environment, and avoid running it automatically without review.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running this command can modify the user's development environment, so the user needs to trust the installer source.
The skill instructs users to pipe a remote installer directly into the shell. This is purpose-aligned for installing the Starknet/Cairo toolchain, but it runs external code on the user's machine.
curl --proto '=https' --tlsv1.2 -sSf https://sh.starkup.sh | sh
Before running the command, verify the Starkup installer URL against official Starknet documentation and consider reviewing the script or using an official package manager if available.