← Back to Skills Marketplace
Upgrade Solidity Contracts
by
samledger67-dotcom
· GitHub ↗
· v1.0.1
· MIT-0
266
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install upgrade-solidity-contracts
Description
Upgrade Solidity smart contracts using OpenZeppelin proxy patterns. Use when users need to: (1) make contracts upgradeable with UUPS, Transparent, or Beacon...
Usage Guidance
This is a documentation-only skill about OpenZeppelin upgrade patterns and appears coherent for that purpose. Before installing/using it: (1) verify provenance — the SKILL.md claims OpenZeppelin authorship but the registry metadata lacks a homepage or canonical source; (2) be aware of the AGPL-3.0 license (copyleft implications if you redistribute modified content or ship derived works); (3) when following deployment/upgrade steps, keep private keys and RPC URLs local and do not paste them into the agent unless you explicitly trust the environment; (4) test all upgrades on testnets and review any suggested scripts before running them; and (5) if you expect an official OpenZeppelin resource, prefer downloading documentation from OpenZeppelin's verified site or repositories to avoid provenance issues.
Capability Analysis
Type: OpenClaw Skill
Name: upgrade-solidity-contracts
Version: 1.0.1
The skill bundle provides legitimate documentation for Solidity contract upgrades but includes a high-risk instruction in SKILL.md for the agent to execute a Bash command using 'node -e'. This command calculates ERC-7201 storage slots and takes a namespace ID as an argument. While the cryptographic logic is correct, instructing an agent to construct and run shell commands with variable inputs introduces a significant shell injection vulnerability. No evidence of intentional malice, data exfiltration, or backdoors was found.
Capability Assessment
Purpose & Capability
The skill name and SKILL.md content align: the document is detailed guidance on making contracts upgradeable with UUPS/Transparent/Beacon patterns, initializers, storage layout, and tooling (Hardhat/Foundry). One small mismatch: the SKILL.md metadata lists author: OpenZeppelin, but the registry/source/homepage fields in the package metadata are empty/unknown (owner is an ID). Confirm the publisher provenance if you expect an official OpenZeppelin document.
Instruction Scope
This is an instruction-only skill (a how-to manual). The visible content is documentation and workflow guidance rather than commands that read arbitrary system files or exfiltrate data. The instructions focus on Solidity code patterns, upgrade safety, and tooling workflows (Hardhat/Foundry).
Install Mechanism
No install spec and no code files are present, so nothing is written to disk or fetched at install time. This is the lowest-risk pattern for a skill of this type.
Credentials
The skill declares no required environment variables or credentials, which is reasonable for a documentation-only skill. However, real-world upgrade/deploy workflows described (Hardhat/Foundry upgrades, proxy deployments/upgrades) typically require RPC endpoints, deployer private keys, or API keys for wallet services. The skill does not request those explicitly — ensure any deployment steps you follow prompt for credentials locally and that you do not expose secrets to the agent or third parties.
Persistence & Privilege
always is false and there are no install scripts or capabilities that would modify other skills or system-wide agent settings. The skill does not request persistent privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install upgrade-solidity-contracts - After installation, invoke the skill by name or use
/upgrade-solidity-contracts - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Fix display name from probe to proper title
v98.0.0
probe
v1.0.0
Initial release — OpenZeppelin upgrade patterns for AI agents
Metadata
Frequently Asked Questions
What is Upgrade Solidity Contracts?
Upgrade Solidity smart contracts using OpenZeppelin proxy patterns. Use when users need to: (1) make contracts upgradeable with UUPS, Transparent, or Beacon... It is an AI Agent Skill for Claude Code / OpenClaw, with 266 downloads so far.
How do I install Upgrade Solidity Contracts?
Run "/install upgrade-solidity-contracts" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Upgrade Solidity Contracts free?
Yes, Upgrade Solidity Contracts is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Upgrade Solidity Contracts support?
Upgrade Solidity Contracts is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Upgrade Solidity Contracts?
It is built and maintained by samledger67-dotcom (@samledger67-dotcom); the current version is v1.0.1.
More Skills