Downloads: 150
Stars: 0
Active Installs: 0
Versions: 2
Install in OpenClaw
/install solidity-audit
Description
Solidity smart contract security audit assistant following EEA EthTrust V3 specification. Performs structured audit workflow: vulnerability scanning, securit...
Usage Guidance
This skill appears coherent and appropriate for performing Solidity audits. Before installing or running its advised commands:
1) Review any remote installer scripts (the Foundry curl installer) and prefer official sites/releases.
2) Pin and verify tool versions (pip/cargo packages) to avoid unexpected updates.
3) Run installations and scans in an isolated environment (container/VM) to limit risk.
4) Do not upload private keys, .env files, or unrelated secrets as part of the code to be audited.
5) Inspect the included scripts (scripts/init_audit.py) to confirm they only create local scaffolding (they do).
If you want higher assurance, ask the publisher for a signed release or run the toolchain installs manually under your control.
Capability Analysis
Type: OpenClaw Skill
Name: solidity-audit
Version: 1.0.1
The bundle provides a professional Solidity audit framework based on EEA EthTrust V3 and Secureum standards. It is classified as suspicious because SKILL.md contains high-risk instructions for the AI agent to execute shell commands, including 'curl | bash' for Foundry installation and various 'pip'/'cargo' installs for security tools. While these capabilities are plausibly required for the stated purpose of performing automated security scans, they grant the agent broad execution power. No evidence of intentional malice, data exfiltration, or obfuscation was found in the Python initialization script (scripts/init_audit.py) or the extensive documentation.
Capability Assessment
Purpose & Capability
Name/description match the contents: SKILL.md, audit templates, checklists, and a small init script all align with a structured Solidity audit workflow. Required env, binaries, and config paths are empty (reasonable for an instruction-first audit helper).
Instruction Scope
Runtime instructions stay within audit scope (static analysis, tests, manual review, report generation). The SKILL.md asks the user/agent to examine project source, compiler settings, docs, and run audit tools — all expected for this purpose. It does not instruct exfiltration or accessing unrelated system credentials.
Install Mechanism
The registry has no install spec, but SKILL.md includes commands that fetch and install third‑party tooling (pip install slither-analyzer, cargo install aderyn, and a curl-based Foundry installer). These are common for this domain but involve network downloads and running remote scripts; users should verify sources and versions before executing.
Credentials
The skill declares no required credentials or config paths and the included files do not request secrets. Note: actual audits require access to the project's source (which may contain secrets or keys); only provide code you control and strip unrelated sensitive files before running automated scans.
Persistence & Privilege
Skill does not request always:true, does not modify other skills or system-wide settings, and the included script only scaffolds a local audit project directory. No persistent agent privileges are requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install solidity-audit
- After installation, invoke the skill by name or use /solidity-audit
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
No user-facing or functional changes in this version.
- No file changes detected between versions 1.0.0 and 1.0.1.
- Documentation and skill capabilities remain the same.
v1.0.0
Solidity-audit 1.0.0
- Provides a smart contract security audit assistant based on EEA EthTrust V3 specification
- Performs structured audit workflow: vulnerability scanning, security analysis, and audit report generation
- Detects key vulnerabilities including reentrancy, integer overflow, access control, and more
- Integrates with static analysis tools (Slither/Aderyn) and Foundry testing
- Supports both English and Chinese audit triggers and detailed guidance for quick and comprehensive audits
Frequently Asked Questions
What is solidity-audit?
Solidity smart contract security audit assistant following EEA EthTrust V3 specification. Performs structured audit workflow: vulnerability scanning, securit... It is an AI Agent Skill for Claude Code / OpenClaw, with 150 downloads so far.
How do I install solidity-audit?
Run "/install solidity-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is solidity-audit free?
Yes, solidity-audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does solidity-audit support?
solidity-audit is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created solidity-audit?
It is built and maintained by Jango (@xiaominger); the current version is v1.0.1.