📦 clawcontract — 智能合约生成

v1.0.8

一句话生成 Solidity 合约，自动审计并一键部署到 BNB Chain（BSC/opBNB），支持自然语言转代码、安全分析与链上交互，让开发提速 10 倍。

0· 729·1 当前·1 累计

by @sufnoobzac (cvpfus)

开发工具代码生成安全自动化 API工具

下载技能包

最后更新

2026/4/22

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

安全

high confidence

The skill's requested binaries, environment variables, and runtime instructions match its stated purpose (generate/analyze/deploy/verify smart contracts for BNB Chain) and are internally consistent.

评估建议

This skill appears to do what it claims, but take these precautions before installing or running it: 1) Do not supply a funded mainnet private key unless you intentionally want the agent to be able to deploy live contracts — use testnet or throwaway keys for initial experiments. 2) Review the npm package source (https://github.com/cvpfus/clawcontract and the package contents) before npm installing to confirm there are no surprises. 3) If you want to prevent accidental deploys or automated code c...

详细分析 ▾

✓ 用途与能力

Name/description, required binary (clawcontract), install spec (npm package), and required env vars (AI API key, private key for deploy, BscScan API key for verification) all align with a CLI that generates, analyzes, deploys, and verifies contracts on BNB chains. Minor metadata inconsistency: the registry primary credential field is 'none' while CLAWCONTRACT_PRIVATE_KEY is listed in requires.env, but this is a documentation/metadata mismatch rather than a functional mismatch.

ℹ 指令范围

SKILL.md is an instruction-only CLI wrapper that stays within scope: it runs clawcontract commands, writes generated source to ./contracts/, and stores deployment metadata in .deployments/. Notable agent-impacting behaviors: the full pipeline can auto-fix generated code (up to 3 attempts) and deploys automatically (no interactive blocking prompt for mainnet), which means an agent with access to a funded private key can perform live transactions without interactive confirmation. The README provides flags (--skip-deploy, --skip-fix) to reduce this risk.

✓ 安装机制

Install uses an npm package named 'clawcontract' which creates the expected binary. This is a standard package install mechanism; it is traceable on npm/GitHub rather than pulling arbitrary archives from unknown hosts. As with any npm package, users should verify the package provenance and review the package contents before installation.

ℹ 凭证需求

The three required env vars (OPENROUTER API key for AI generation, PRIVATE_KEY for signing deployments, BSCSCAN API key for verification) are proportionate to the stated features. The PRIVATE_KEY is highly sensitive — only provide it when you intend to deploy, and prefer testnet or throwaway keys for trials. The metadata omission of a declared primary credential is a minor inconsistency.

✓ 持久化与权限

The skill does not request 'always: true' and does not modify other skills or system-wide settings. It writes files only to local contract and deployments paths described in SKILL.md. Autonomous invocation is allowed but is the platform default; combined with the required PRIVATE_KEY this gives the agent the ability to sign transactions, which is expected for a deployer CLI.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.82026/2/13

Version 1.0.8 - Updated safety documentation: - Mainnet deployment now issues a warning but does not block on user prompt; deploy proceeds automatically, supporting agent-driven use cases. - The `delete` command is now the only interactive prompt; use `--force` to bypass confirmation when deleting local deployment metadata. - Clarified that automatic AI-powered security fixes only affect generated contract files and added instructions for disabling auto-fix or deployment. - Explicitly described safeguards against accidental mainnet deployment—both a funded key and manual mainnet selection are required. - Adjusted required environment variables; `CLAWCONTRACT_OPENROUTER_MODEL` is now optional.

● 可疑

安装命令

点击复制

官方npx clawhub@latest install clawcontract

镜像加速npx clawhub@latest install clawcontract --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库