Setup Solidity Contracts

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: setup-solidity-contracts
Version: 1.0.1

The skill bundle provides standard, legitimate instructions for setting up Solidity development environments using Hardhat and Foundry. While it includes a 'curl | bash' command in SKILL.md for installing Foundry, this is the official installation method from the legitimate paradigm.xyz domain. The instructions for dependency management and remappings are technically accurate and align with OpenZeppelin's official documentation.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running these commands changes the user's local project dependencies and relies on external package sources.

Why it was flagged

The skill directs users to install third-party packages from npm and GitHub-based Foundry dependencies. This is purpose-aligned for a Solidity setup guide, and the Foundry instructions explicitly recommend pinning a release tag.

Skill content

npm install @openzeppelin/contracts
...
forge install OpenZeppelin/openzeppelin-contracts@v<VERSION>

Recommendation

Verify package names and sources, prefer pinned versions where practical, and review dependency changes before committing or deploying.

What this means

If the user runs it, a remote installer can modify the local development environment.

Why it was flagged

The Foundry setup uses a remote shell installer. It is presented as a user-directed setup step and is central to the skill's purpose, but it still executes downloaded code on the user's machine.

Skill content

curl -L https://foundry.paradigm.xyz | bash
foundryup

Recommendation

Run the installer only after confirming the URL is the official Foundry source and understanding what the installer does.