Setup Stellar Contracts
Pass. Audited by ClawScan on May 1, 2026.
Overview
This is a coherent Stellar/Soroban setup guide, with the main caution that it tells users to run remote installer scripts.
This appears safe as a developer setup reference, but treat the remote installer commands as code execution on your machine. Verify the Rust, Stellar CLI, and OpenZeppelin sources before running them, especially because the registry source is unknown.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running these commands will execute code downloaded from the internet on the user's machine.
The skill instructs users to install development tools by piping remote scripts directly to a shell; this is purpose-aligned for setup, but users should verify the source before running it.
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
...
curl -fsSL https://github.com/stellar/stellar-cli/raw/main/install.sh | sh
Review the installer URLs, prefer official documentation or pinned release installers when possible, and run the commands only in an environment where installing developer tools is intended.
A user may place extra trust in the setup instructions because of the claimed author identity.
The skill presents an OpenZeppelin authorship signal, while the supplied registry metadata lists the source as unknown and gives no homepage. This is not evidence of deception, but users should verify provenance before relying on the authorship claim.
metadata: author: OpenZeppelin
Confirm the skill's source or compare the instructions against official OpenZeppelin and Stellar documentation before running installer commands.
