Setup Cairo Contracts
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: setup-cairo-contracts Version: 1.0.1 The skill bundle provides standard documentation and instructions for setting up a Cairo/Starknet development environment using OpenZeppelin contracts. While it includes a 'curl | sh' command to install the Starknet toolchain via 'sh.starkup.sh', this is a common pattern for developer tools and aligns with the stated purpose of project scaffolding. The content includes helpful security advice regarding storage collisions and contains no evidence of malicious intent, data exfiltration, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running this command can modify the user's development environment, so the user needs to trust the installer source.
The skill instructs users to pipe a remote installer directly into the shell. This is purpose-aligned for installing the Starknet/Cairo toolchain, but it runs external code on the user's machine.
curl --proto '=https' --tlsv1.2 -sSf https://sh.starkup.sh | sh
Before running the command, verify the Starkup installer URL against official Starknet documentation and consider reviewing the script or using an official package manager if available.