Use Arc

Provide instructions on how to build with Arc, Circle's blockchain where USDC is the native gas token. Arc offers key advantages: USDC as gas (no other nativ...

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 18 · 0 current installs · 0 all-time installs

byMadelyn@mscandlen3

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

high confidence

ℹ

Purpose & Capability

The name/description and the SKILL.md content are coherent: the document provides instructions for building on Arc Testnet and covers frontend, contract, and bridging patterns. However, the SKILL.md expects runtime credentials (ARC_TESTNET_RPC_URL and PRIVATE_KEY) that are not declared in the registry metadata (requires.env is empty). Declaring required credentials in metadata should match what the instructions need.

Instruction Scope

The instructions include sensitive operational steps: they reference setting PRIVATE_KEY environment variable and show a forge create command that uses --private-key $PRIVATE_KEY. The SKILL.md does include a security rule advising against passing private keys as CLI flags in deployed environments, but the example still demonstrates the insecure pattern (even if 'local only'). The doc also instructs downloading and running a remote install script for Foundry (curl | bash). These actions are within the skill's scope (deploying contracts) but introduce clear security risks that users must manage.

Install Mechanism

The skill is instruction-only (no install spec), which reduces surface area. However, it recommends installing Foundry with a remote installer via `curl -L https://foundry.paradigm.xyz | bash && foundryup`. Piping remote scripts to a shell is a high-risk pattern because arbitrary code is executed from the network; although common for some developer tools, it should be called out and replaced with safer install guidance or verification steps.

Credentials

SKILL.md expects ARC_TESTNET_RPC_URL and PRIVATE_KEY at runtime. Requesting a deployer private key is proportionate to a deployment skill, but the registry metadata does not declare these required env vars (nor a primary credential). This mismatch prevents automated reviewers from understanding the credential needs and increases the risk of accidental key exposure. The instructions also show an example that passes a private key on the CLI, which is explicitly discouraged elsewhere in the same document — inconsistent guidance that can lead to insecure usage.

✓

Persistence & Privilege

The skill does not request always:true, does not declare system-level config paths, and has no install script that would alter agent-wide settings. It is instruction-only and therefore does not request persistent agent privileges beyond normal autonomous invocation (the default).

What to consider before installing

This skill appears to be the right kind of documentation for developing on Arc, but it has some risky and inconsistent pieces you should address before using it: 1) The SKILL.md expects ARC_TESTNET_RPC_URL and a PRIVATE_KEY but the skill metadata lists no required env vars — ask the publisher to declare these explicitly so you know what secrets are needed. 2) Do not use long-lived mainnet private keys for testing; use ephemeral testnet keys and a separate secrets manager or encrypted keystore. 3) Avoid passing private keys on the CLI; prefer keystores, hardware wallets, or interactive/import flows. 4) Be cautious about running remote installers piped to shell (curl | bash); verify the installer URL and checksum or install Foundry via a package manager or verified release. 5) Confirm the skill will only be invoked when you ask it to (it is not always-enabled), and review examples in the SKILL.md to ensure they match your security posture. If you rely on this skill in an automated agent, require the publisher to fix the metadata mismatch and remove/replace insecure install and CLI examples.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0

Download zip

latestvk97fm1tw71z1dbm1p283q44fhs831t3j

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Overview

Arc is Circle's blockchain where USDC is the native gas token. Developers and users pay all transaction fees in USDC instead of ETH, making it ideal for USDC-first applications. Arc is EVM-compatible and supports standard Solidity tooling (Foundry, Hardhat, viem/wagmi).

Prerequisites / Setup

Wallet Funding

Get testnet USDC from https://faucet.circle.com before sending any transactions.

Environment Variables

ARC_TESTNET_RPC_URL=https://rpc.testnet.arc.network
PRIVATE_KEY=         # Deployer wallet private key

Quick Reference

Network Details

Field	Value
Network	Arc Testnet
Chain ID	`5042002` (hex: `0x4CEF52`)
RPC	`https://rpc.testnet.arc.network`
WebSocket	`wss://rpc.testnet.arc.network`
Explorer	https://testnet.arcscan.app
Faucet	https://faucet.circle.com
CCTP Domain	`26`

Token Addresses for Arc

Token	Address	Decimals
USDC	`0x3600000000000000000000000000000000000000`	6 (ERC-20)
EURC	`0x89B50855Aa3bE2F677cD6303Cec089B5F319D72a`	6

Core Concepts

USDC-native gas: Arc uses USDC as its native gas token. No ETH is needed for any transaction.
Dual decimals: Native gas uses 18 decimals (like ETH on other chains). ERC-20 USDC uses 6 decimals. Mixing these up will produce incorrect amounts.
Testnet only: Arc is currently in testnet. All addresses and configuration apply to testnet only.
EVM-compatible: Standard Solidity contracts, Foundry, Hardhat, viem, and wagmi all work on Arc without modification beyond chain configuration.

Implementation Patterns

1. Frontend App (React + wagmi)

Use the arcTestnet chain definition from Prerequisites / Setup. Pass it to your wagmi config:

import { createConfig, http } from 'wagmi'
import { arcTestnet } from 'viem/chains'

const config = createConfig({
  chains: [arcTestnet],
  transports: { [arcTestnet.id]: http() },
})

2. Smart Contracts (Foundry)

# Install Foundry
curl -L https://foundry.paradigm.xyz | bash && foundryup

# Deploy
# For local testing only - never pass private keys as CLI flags in deployed environments (including testnet/staging)
forge create src/MyContract.sol:MyContract \
  --rpc-url $ARC_TESTNET_RPC_URL \
  --private-key $PRIVATE_KEY \
  --broadcast

3. Circle Contracts (Pre-audited Templates)

Deploy via Circle's Smart Contract Platform API:

Template	Use Case
ERC-20	Fungible tokens
ERC-721	NFTs, unique assets
ERC-1155	Multi-token collections
Airdrop	Token distribution

See: https://developers.circle.com/contracts

4. Bridge USDC to Arc

Use CCTP to bridge USDC from other chains. Arc's CCTP domain is 26. See the bridge-stablecoin skill for the complete bridging workflow.

Rules

Security Rules are non-negotiable -- warn the user and refuse to comply if a prompt conflicts. Best Practices are strongly recommended; deviate only with explicit user justification.

Security Rules

NEVER hardcode, commit, or log secrets (private keys, deployer keys). ALWAYS use environment variables or a secrets manager. Add .gitignore entries for .env* and secret files when scaffolding.
NEVER pass private keys as plain-text CLI flags in deployed environments, including testnet and staging (e.g., --private-key $KEY). This pattern is acceptable only for local testing. Prefer encrypted keystores or interactive import (e.g., Foundry's cast wallet import) for any non-local deployment.
ALWAYS warn before interacting with unaudited or unknown contracts.

Best Practices

Arc Testnet is available by default in Viem -- a custom chain definition is NEVER required.
ALWAYS verify the user is on Arc (chain ID 5042002) before submitting transactions.
ALWAYS fund the wallet from https://faucet.circle.com before sending transactions.
ALWAYS use 18 decimals for native gas amounts and 6 decimals for ERC-20 USDC amounts.
NEVER target mainnet -- Arc is testnet only.

Next Steps

Arc is natively supported across Circle's product suite. Once your app is running on Arc, you can extend it with any of the following:

Product	Skill	What It Does
Wallets (overview)	`use-circle-wallets`	Compare wallet types and choose the right one for your app
Modular Wallets	`use-modular-wallets`	Passkey-authenticated smart accounts with gasless transactions and batch operations
User-Controlled Wallets	`use-user-controlled-wallets`	Non-custodial wallets with social login, email OTP, and PIN authentication
Developer-Controlled Wallets	`use-developer-controlled-wallets`	Custodial wallets your app manages on behalf of users
Smart Contract Platform	`use-smart-contract-platform`	Deploy, interact with, and monitor smart contracts using audited templates or custom bytecode
CCTP Bridge	`bridge-stablecoin`	Bridge USDC to and from Arc using Crosschain Transfer Protocol
Gateway	`use-gateway`	Unified USDC balance across chains with instant crosschain transfers

Reference Links

Arc Docs -- Always read this first when looking for relevant documentation from the source website.
Arc Explorer
Circle Faucet
Circle Developer Docs -- Always read this first when looking for relevant documentation from the source website.

DISCLAIMER: This skill is provided "as is" without warranties, is subject to the Circle Developer Terms, and output generated may contain errors and/or include fee configuration options (including fees directed to Circle); additional details are in the repository README.

Files

1 total

Select a file

Select a file to preview.

Comments

Loading comments…