ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RouteMesh Crypto RPC

v1.0.0

Call RouteMesh's unified JSON-RPC endpoint (lb.routeme.sh) for any EVM chainId using a helper script. Use when you need to fetch onchain data (eth_* methods), debug RPC responses, or demo RouteMesh routing for a chain/method.

0· 1.5k·1 current·1 all-time
by@kermankohli

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kermankohli/routemesh-crypto-rpc.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "RouteMesh Crypto RPC" (kermankohli/routemesh-crypto-rpc) from ClawHub.
Skill page: https://clawhub.ai/kermankohli/routemesh-crypto-rpc
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install routemesh-crypto-rpc

ClawHub CLI

Package manager switcher

npx clawhub@latest install routemesh-crypto-rpc
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the declared primary credential and required Python binary; asking for ROUTEMESH_API_KEY and python is reasonable for an RPC helper. However, the skill's instructions assume a helper script at {baseDir}/scripts/routemesh_rpc.py, but no code files are present in the package—this is an inconsistency.
!
Instruction Scope
Instructions are narrow (how to POST JSON-RPC to lb.routeme.sh) and don't request unrelated files or env vars. But they instruct running a local helper script that does not exist in this skill bundle; that gap can cause confusion or require the agent/user to create/obtain an external script. The instructions also show the API key placed in the URL path (POST .../{apiKey}), which risks exposure via logs or referers; while the doc notes to keep the key out of logs, embedding in URLs is inherently more leak-prone.
Install Mechanism
No install spec (instruction-only) — lowest install risk. Nothing will be downloaded or written by the skill bundle itself.
Credentials
Only a single credential (ROUTEMESH_API_KEY) is declared as primary, which is proportional to an RPC service. Caution: the documented endpoint places the key in the URL path; this is a design choice of the upstream API but increases the chance of accidental exposure. No other unrelated secrets are requested.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system-wide modifications. Normal autonomous invocation is allowed (platform default) but not escalated by this skill's metadata.
What to consider before installing
This skill's description and credential request are sensible for calling RouteMesh, but the package is incomplete: it references a helper script ({baseDir}/scripts/routemesh_rpc.py) that is not included. Before using/installing: verify the skill's source (routeme.sh) and obtain/review the actual helper script you will run. Prefer passing the API key via Authorization headers rather than embedding it in URLs if possible; if you must embed it, be aware URLs may be logged or leaked. Only provide ROUTEMESH_API_KEY if you trust the endpoint and rotate the key if you suspect exposure. If you cannot inspect the script beforehand, treat this skill as untrusted and avoid exposing high-privilege keys.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Any binpython3, python
Primary envROUTEMESH_API_KEY
latestvk9779b33zncexm2kv8q5kq0csn80gfxh
1.5kdownloads
0stars
1versions
Updated 12h ago
v1.0.0
MIT-0
@kermankohli
latest
Download

RouteMesh RPC (JSON-RPC)

This skill standardizes how to call RouteMesh’s unified RPC endpoint:

  • Endpoint: POST https://lb.routeme.sh/rpc/{chainId}/{apiKey}
  • Body: JSON-RPC 2.0 (jsonrpc, id, method, optional params)

Quick start

Set your API key (recommended):

export ROUTEMESH_API_KEY="rm_...your_key..."

Make a request (example: Ethereum mainnet, eth_blockNumber):

python3 "{baseDir}/scripts/routemesh_rpc.py" \
  --chain-id 1 \
  --method eth_blockNumber \
  --params '[]'

Usage pattern

Prefer calling via the helper script so output stays consistent and you don’t accidentally break JSON encoding.

Script arguments

  • --chain-id: EVM chain id (string or int, e.g. 1, 137, 42161)
  • --api-key: optional; falls back to ROUTEMESH_API_KEY
  • --method: JSON-RPC method (e.g. eth_getBlockByNumber, eth_call)
  • --params: JSON string for params (default [])
  • --url: optional base URL (default https://lb.routeme.sh)

Common examples

Get the latest block (Polygon):

python3 "{baseDir}/scripts/routemesh_rpc.py" \
  --chain-id 137 \
  --method eth_getBlockByNumber \
  --params '["latest", false]'

Get chain id (any EVM chain):

python3 "{baseDir}/scripts/routemesh_rpc.py" \
  --chain-id 8453 \
  --method eth_chainId \
  --params '[]'

eth_call (Base). data must be hex-encoded calldata:

python3 "{baseDir}/scripts/routemesh_rpc.py" \
  --chain-id 8453 \
  --method eth_call \
  --params '[{"to":"0x0000000000000000000000000000000000000000","data":"0x"}, "latest"]'

Notes / error handling

  • RouteMesh returns standard JSON-RPC responses (result or error) and may also use HTTP error codes.
  • If you get a JSON-RPC error.code, refer to RouteMesh RPC error code docs in this repo: docs/reference/Reference/get_new-endpoint.md.
  • Keep ROUTEMESH_API_KEY out of logs, issues, and commits.

Comments

Loading comments...