← Back to Skills Marketplace
98
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install pentagonal
Description
Use when the user asks to create, generate, build, audit, fix, compile, or look up smart contracts and tokens. Pentagonal Clawd is a sovereign smart contract...
Usage Guidance
Before installing, verify the vendor and hosting (pentagonal.ai) and ask the publisher for a homepage or source repo. Note that many of the skill's advanced features only work if the platform exposes MCP tools — otherwise Mode B only does token lookups. Do NOT place private keys or broad API keys in an agent-wide environment; if you must use an API key, prefer a key with minimal privileges and store it outside the agent environment or use short-lived credentials. Ask the publisher to update the manifest to declare required env vars (PENTAGONAL_API_KEY etc.) and to explain what the agent will do if those values exist. Finally, always review generated contract source code and audit results yourself before running any deployment commands that use private keys or RPC endpoints.
Capability Analysis
Type: OpenClaw Skill
Name: pentagonal
Version: 1.0.2
The skill provides smart contract auditing and generation via the Pentagonal.ai API. It instructs the AI agent in SKILL.md to use bash and curl to interact with the API (https://www.pentagonal.ai/api/fetch-contract) if MCP tools are unavailable. This introduces a potential shell injection vulnerability if user-provided contract addresses or chain IDs are not properly sanitized by the agent before command execution. While the behavior is aligned with the stated purpose and includes explicit warnings against handling private keys, the reliance on shell commands for network access is a high-risk capability that warrants a suspicious classification.
Capability Tags
Capability Assessment
Purpose & Capability
The name/description claim a full smart-contract forge (generate, audit, fix, compile, deploy) and the SKILL.md documents those flows. However, in the absence of the referenced MCP tools the direct (Mode B) API only supports token lookups; generation/audit/fix/compile require MCP tool availability or a Pentagonal account. The manifest declares no required credentials, which is inconsistent with features that require an API key or account.
Instruction Scope
The instructions tell the agent to call pentagonal.ai endpoints (curl) and include example commands that reference environment variables (e.g., $PENTAGONAL_API_KEY, $PRIVATE_KEY, etherscan API key). The skill manifest did not declare these env vars. The skill also provides deployment commands that use a private key (examples show $PRIVATE_KEY). The agent instructions therefore reference and could cause access to sensitive secrets that were not declared in the skill metadata.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing is written to disk or downloaded during install. That reduces installer risk.
Credentials
The SKILL.md references sensitive environment variables and API keys (PENTAGONAL_API_KEY, PRIVATE_KEY, etherscan API key) but the manifest lists no required env vars or primary credential. Requesting or referencing private keys and API keys without declaring them is disproportionate and may cause accidental exposure if the agent has access to environment secrets.
Persistence & Privilege
The skill is not always:true and has no install step that modifies agent configuration. Model invocation is allowed (default) which is expected for skills; there is no elevated persistence requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pentagonal - After installation, invoke the skill by name or use
/pentagonal - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Chain auto-detection: pentagonal_lookup now auto-detects the blockchain from the contract address via DexScreener. No need to specify chain manually.
v1.0.0
Initial release: AI-powered smart contract auditing, generation, and compilation across 8 chains
Metadata
Frequently Asked Questions
What is Skill?
Use when the user asks to create, generate, build, audit, fix, compile, or look up smart contracts and tokens. Pentagonal Clawd is a sovereign smart contract... It is an AI Agent Skill for Claude Code / OpenClaw, with 98 downloads so far.
How do I install Skill?
Run "/install pentagonal" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill free?
Yes, Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill support?
Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Skill?
It is built and maintained by Achilles (@achilles1089); the current version is v1.0.2.
More Skills