ClawHub

Web3-Dapp-Master

v1.0.2

Industry-standard Web3 DApp architecture skill (2026). Covers the full modern stack: Account Abstraction (ERC-4337/EIP-7702), embedded wallets (Privy/Dynamic...

0· 75·0 current·0 all-time
by@stanpoldark
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description claim a comprehensive Web3 DApp architecture guide and the SKILL.md contains architecture patterns, stack recommendations, and design guidance consistent with that purpose. There are no unexpected credential or binary requirements declared that would be unrelated to a documentation/architectural skill.
Instruction Scope
The provided SKILL.md is prose and design guidance (scaffolding choices, architecture, testing strategies). It does not instruct the agent to read arbitrary host files, exfiltrate data, or call external endpoints itself. I saw no commands or steps that would access system paths or undeclared environment variables.
Install Mechanism
There is no install spec and no code files — this is instruction-only, which minimizes installation risk (nothing is written to disk or downloaded by the skill itself).
Credentials
The skill declares no required environment variables, credentials, or config paths. The guidance references third-party services (Alchemy, Privy, Dynamic, Redis, etc.) that in practice will require API keys if you follow the guidance, but the skill itself does not request or handle any secrets.
Persistence & Privilege
always is false and the skill does not request persistent installation or modify other skills or system settings. Model invocation is allowed (default), which is normal for skills, and does not meaningfully increase risk here given the lack of installs or credential requests.
Assessment
This skill is a documentation/architecture guide (no code/no installs), so it appears internally consistent. Before relying on it: 1) note the source/homepage is unknown — prefer skills with a clear maintainer or repo; 2) when you implement the recommendations you will need API keys and hosted services (Alchemy, Privy/Dynamic, Redis, Postgres, etc.) — only provide least-privileged keys and avoid pasting production secrets into chat; 3) verify licensing and third-party tooling versions before copying configuration; and 4) if you want the agent to perform actions (scaffold code, run installs), require an audited install spec or review generated commands before execution.

Like a lobster shell, security has layers — review code before you run it.

latestvk979wjw0ez1avmynwnh5wwj22583zp7j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments