📦 Smart

v1.0.0

Audit Solidity contracts for common vulnerabilities and design risks.

by @mzfshark (Mauricio Z. Filho)
Last updated: 2026/4/24
Security scan
VirusTotal
Benign
OpenClaw
Safe
high confidence
Instruction-only Solidity audit skill whose requirements and runtime instructions are consistent with its stated purpose and do not request extra privileges or install code.
Assessment recommendations
This skill is instruction-only and appears coherent for auditing Solidity source files. However: (1) verify the skill author/owner provenance before trusting reports (metadata shows inconsistent author/owner labels); (2) do not feed any private keys, mnemonic phrases, or other secrets as part of the 'scope' input — audits should only include contract source and harmless test artifacts; (3) treat the generated audit as advisory: cross-check findings with standard static analyzers (Slither, Mythri...
Detailed analysis
Purpose and capabilities
The name, description, and runtime instructions all align: the skill describes checklist-based auditing of Solidity contracts and requires only contract sources as input. Minor metadata inconsistencies exist (author listed as "RedHat Dev" in SKILL.md/_meta.json while registry owner is a different ID), which is a provenance/labeling issue but not a technical mismatch with functionality.
Instruction scope
SKILL.md is explicit and scoped to analyzing the provided `scope` files, mapping entrypoints/roles, checklist review, and producing findings. It does not instruct the agent to read unrelated files, access external endpoints, or exfiltrate data. It also contains safety guidance not to provide exploit code for real targets.
Install mechanism
There is no install spec and no code files. This is instruction-only, so nothing will be downloaded or written to disk by the skill itself.
Credential requirements
The skill declares no required environment variables, credentials, or config paths. There is no disproportionate credential request for the described audit functionality.
Persistence and privileges
The skill does not request always:true and is user-invocable. The skill allows normal autonomous model invocation (platform default), which increases blast radius only in combination with other risks — no such risks are present here.
Security is layered; review the code before running.

Runtime dependencies

No special dependencies

Versions

latest · v1.0.0 · 2026/4/24

smart-contract-audit v1.0.0
- Initial release providing deterministic, evidence-based vulnerability reviews for Solidity contracts.
- Audits identify risks including access control flaws, reentrancy, accounting errors, and ERC standard compliance.
- Inputs support custom scope, threat models, and deployment assumptions.
- Outputs a structured YAML audit report with prioritized findings and actionable recommendations.
- Emphasizes responsible disclosure, reproduction guidance, and explicit risk explanations.


Install command

Official: npx clawhub@latest install axodus-smartcontracts-audits
Mirror: npx clawhub@latest install axodus-smartcontracts-audits --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库