← Back to Skills Marketplace
Multicall
by
BytesAgain2
· GitHub ↗
· v1.0.0
· MIT-0
107
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install multicall
Description
Analyze multicall operations. Use when you need to understand multicall mechanisms, evaluate protocol security, or reference on-chain concepts.
Usage Guidance
This skill is a simple local CLI implemented as a Bash script that stores its data in a user directory (default ~/.multicall). It does not contact external endpoints or request credentials. Before installing or running: (1) inspect the script yourself (it is included) to confirm you are comfortable with it creating/modifying files under the data directory; (2) avoid adding secrets to entries stored by the tool; (3) if you prefer, set MULTICALL_DIR to a controlled location; (4) note that the agent can invoke the skill when asked — the skill will then read/write the configured data files. If any of those behaviors are unacceptable, do not install or run the skill.
Capability Analysis
Type: OpenClaw Skill
Name: multicall
Version: 1.0.0
The 'multicall' skill (scripts/script.sh) is a generic data-logging tool that lacks the blockchain analysis functionality described in its documentation (SKILL.md). It contains several input sanitization vulnerabilities, specifically a 'sed' injection risk in the 'cmd_config' function and unescaped JSON construction in 'cmd_add', which could lead to local data corruption or unexpected behavior. While no evidence of intentional malice, data exfiltration, or remote execution was found, the discrepancy between its stated purpose and actual implementation, combined with these vulnerabilities, warrants a suspicious classification.
Capability Assessment
Purpose & Capability
The name/description (analyze multicall operations) matches the provided script behavior: a CLI for adding, listing, searching, exporting, and configuring local 'multicall' entries. The optional MULTICALL_DIR config is proportional and relevant.
Instruction Scope
SKILL.md only instructs running the included scripts/script.sh commands. The script reads/writes files under the configurable data directory and does not reference unrelated system paths, credentials, or network endpoints.
Install Mechanism
There is no install spec (instruction-only skill) and the included code is a plain shell script. No downloads, package installs, or remote resources are fetched during install.
Credentials
No required environment variables or credentials are declared. The script honors an optional MULTICALL_DIR env var to change the data directory; this is reasonable for a local CLI tool.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It will create and modify files under the user data directory (default ~/.multicall). This is expected behavior but means data written by the tool persists on disk and could contain sensitive contents if you add them.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install multicall - After installation, invoke the skill by name or use
/multicall - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
publish v1.0.0
Metadata
Frequently Asked Questions
What is Multicall?
Analyze multicall operations. Use when you need to understand multicall mechanisms, evaluate protocol security, or reference on-chain concepts. It is an AI Agent Skill for Claude Code / OpenClaw, with 107 downloads so far.
How do I install Multicall?
Run "/install multicall" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Multicall free?
Yes, Multicall is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Multicall support?
Multicall is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Multicall?
It is built and maintained by BytesAgain2 (@ckchzh); the current version is v1.0.0.
More Skills