ClawHub

Near Jsonrpc Skill

v1.0.0

Operate NEAR JSON-RPC reads through UXC with a public provider default, provider-override guidance, and read-only guardrails.

0· 113·1 current·1 all-time
by@jolestar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with the artifacts: SKILL.md, openrpc schema, and usage examples all show a read-only JSON-RPC wrapper using uxc and the FastNear public RPC. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
Runtime instructions stay within the declared read-only NEAR RPC scope (status, query, block, chunk, gas_price, validators) and explicitly forbid transaction submission. Minor note: the workflow tells the agent to link a CLI using a remote OpenRPC schema URL (raw.githubusercontent.com). Fetching that schema at runtime is expected but means the skill will pull a small external file during setup.
Install Mechanism
This is instruction-only (no install spec). No arbitrary downloads or archive extraction are performed by the skill itself.
Credentials
The skill does not request any credentials or env vars (proportionate). Small inconsistency: the included validation script (scripts/validate.sh) calls/depends on rg and jq, but those tools are not mentioned in SKILL.md prerequisites; the script is not run automatically by the agent, but a user running validation must have them.
Persistence & Privilege
The skill does not request always:true or other elevated permanence. It links a uxc command alias at user level which is expected and scoped to the provider; no modifications to other skills or system-wide configs are requested.
Assessment
This skill appears coherent and read-only, but before installing: 1) ensure uxc is installed and you trust the default provider (https://free.rpc.fastnear.com) because the skill will query external RPC endpoints; 2) note the CLI link command fetches an OpenRPC schema from raw.githubusercontent.com — if you prefer, host or reference the schema locally to avoid remote fetches; 3) the included validate.sh requires rg and jq if you run it (they are not declared in SKILL.md); and 4) do not use this skill for signing/transaction submission — it explicitly warns against that. If you need higher assurance, review the OpenRPC schema file and test calls against a provider you control.

Like a lobster shell, security has layers — review code before you run it.

latestvk97914p5phdqjexn22awv5hvad836r53

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments