← Back to Skills Marketplace
sufnoobzac

clawcontract

by cvpfus · GitHub ↗ · v1.0.8
cross-platform ⚠ suspicious
769
Downloads
0
Stars
1
Active Installs
9
Versions
Install in OpenClaw
/install clawcontract
Description
AI-powered smart contract generator, analyzer, and deployer for BNB Chain (BSC/opBNB). Use when you need to generate Solidity from natural language, run secu...
README (SKILL.md)

ClawContract

Generate, analyze, deploy, and verify smart contracts on BNB Chain via CLI.

Source & install: \x3Chttps://github.com/cvpfus/clawcontract> — clone the repo, run pnpm install && pnpm build && npm link.

Quick Start

Generate a contract:

clawcontract generate "escrow contract for peer to peer trades with dispute resolution and timeout auto release"

Full pipeline (generate → analyze → deploy → verify):

clawcontract full "escrow contract for peer to peer trades with dispute resolution and timeout auto release" --chain bsc-testnet

Deploy an existing contract:

clawcontract deploy ./contracts/VibeToken.sol --chain bsc-testnet

Interact with a deployed contract:

clawcontract interact 0xABC... name --chain bsc-testnet

List deployment records:

clawcontract list
clawcontract list --chain bsc-testnet

Delete a deployment record:

clawcontract delete 0xABC...def

References

  • Full command reference (all flags, examples, notes): See {baseDir}/references/commands.md

Supported Chains

Key Chain Testnet
bsc-mainnet BNB Smart Chain No
bsc-testnet BNB Smart Chain Testnet Yes
opbnb-mainnet opBNB No
opbnb-testnet opBNB Testnet Yes

Default: bsc-testnet.

Env Vars

Configure via docker-compose.yml or set directly in the environment.

Variable Required Purpose
CLAWCONTRACT_OPENROUTER_API_KEY Yes AI contract generation
CLAWCONTRACT_PRIVATE_KEY For deploy Wallet for deployment — must be supplied by user
CLAWCONTRACT_BSCSCAN_API_KEY For verify Contract verification on BscScan/opBNBScan
CLAWCONTRACT_OPENROUTER_MODEL No Model override (default: anthropic/claude-sonnet-4-20250514)

Artifacts

The CLI writes the following files to disk during normal operation:

Path When Contents
contracts/*.sol generate, full Generated Solidity source
.deployments/*.json deploy, full Deployment metadata (address, chain, tx hash)

Safety

  • No auto-generated keys. CLAWCONTRACT_PRIVATE_KEY must be explicitly provided by the user via environment variable. The CLI will not generate or persist a private key on its own.
  • Mainnet warning (non-blocking). Deployment to mainnet chains prints a bold warning about real costs but does not block on a prompt — the deploy proceeds automatically. This is by design: the CLI targets agent-driven pipelines where stdin is unavailable. Users control mainnet exposure by choosing --chain explicitly (default is bsc-testnet).
  • delete confirmation prompt. delete is the sole interactive command — it shows deployment details and asks Remove this deployment? (y/N). Use --force to skip the prompt (agent-friendly). This is safe because delete only removes local metadata; it cannot affect on-chain state.
  • Automatic fix attempts. During full, if high-severity issues are found the AI attempts to fix and re-analyze (up to 3 rounds). This means the agent may modify generated source before deploy. Mitigations:
    • Use --skip-fix to disable auto-fix entirely.
    • Use --skip-deploy to review the final source and analysis before any on-chain action.
    • Fixes only target the generated file in contracts/; no other files are modified.
  • Accidental live-deploy risk. Because CLAWCONTRACT_PRIVATE_KEY is mandatory for deploy and the default chain is bsc-testnet, accidental mainnet deploys require the user to both set a funded mainnet key and explicitly pass --chain bsc-mainnet or --chain opbnb-mainnet. Neither can happen silently.
  • Prefer testnet chains and throwaway keys for initial trials.
Usage Guidance
This skill appears to do what it claims, but take these precautions before installing or running it: 1) Do not supply a funded mainnet private key unless you intentionally want the agent to be able to deploy live contracts — use testnet or throwaway keys for initial experiments. 2) Review the npm package source (https://github.com/cvpfus/clawcontract and the package contents) before npm installing to confirm there are no surprises. 3) If you want to prevent accidental deploys or automated code changes, run commands with --skip-deploy and/or --skip-fix when invoking the 'full' pipeline. 4) Treat CLAWCONTRACT_PRIVATE_KEY as highly sensitive (store it securely and avoid putting it in broad CI/CD environments). 5) Note the metadata minor inconsistency (primary credential not declared) — this is likely harmless but worth being aware of.
Capability Analysis
Type: OpenClaw Skill Name: clawcontract Version: 1.0.8 This skill is classified as suspicious due to its inherent high-risk capabilities, including the generation, analysis, and deployment of smart contracts to blockchain networks, and the handling of sensitive private keys and API keys. While the documentation is transparent about these risks and provides safety measures (e.g., defaulting to testnet, requiring explicit mainnet configuration, disclosing AI-driven code modification), the potential for severe financial loss or smart contract vulnerabilities if the underlying `clawcontract` tool or AI logic is flawed, or if misused, warrants a 'suspicious' classification. There is no evidence of intentional malicious behavior such as data exfiltration, backdoors, or prompt injection against the agent to perform unauthorized actions.
Capability Assessment
Purpose & Capability
Name/description, required binary (clawcontract), install spec (npm package), and required env vars (AI API key, private key for deploy, BscScan API key for verification) all align with a CLI that generates, analyzes, deploys, and verifies contracts on BNB chains. Minor metadata inconsistency: the registry primary credential field is 'none' while CLAWCONTRACT_PRIVATE_KEY is listed in requires.env, but this is a documentation/metadata mismatch rather than a functional mismatch.
Instruction Scope
SKILL.md is an instruction-only CLI wrapper that stays within scope: it runs clawcontract commands, writes generated source to ./contracts/, and stores deployment metadata in .deployments/. Notable agent-impacting behaviors: the full pipeline can auto-fix generated code (up to 3 attempts) and deploys automatically (no interactive blocking prompt for mainnet), which means an agent with access to a funded private key can perform live transactions without interactive confirmation. The README provides flags (--skip-deploy, --skip-fix) to reduce this risk.
Install Mechanism
Install uses an npm package named 'clawcontract' which creates the expected binary. This is a standard package install mechanism; it is traceable on npm/GitHub rather than pulling arbitrary archives from unknown hosts. As with any npm package, users should verify the package provenance and review the package contents before installation.
Credentials
The three required env vars (OPENROUTER API key for AI generation, PRIVATE_KEY for signing deployments, BSCSCAN API key for verification) are proportionate to the stated features. The PRIVATE_KEY is highly sensitive — only provide it when you intend to deploy, and prefer testnet or throwaway keys for trials. The metadata omission of a declared primary credential is a minor inconsistency.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide settings. It writes files only to local contract and deployments paths described in SKILL.md. Autonomous invocation is allowed but is the platform default; combined with the required PRIVATE_KEY this gives the agent the ability to sign transactions, which is expected for a deployer CLI.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawcontract
  3. After installation, invoke the skill by name or use /clawcontract
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.8
Version 1.0.8 - Updated safety documentation: - Mainnet deployment now issues a warning but does not block on user prompt; deploy proceeds automatically, supporting agent-driven use cases. - The `delete` command is now the only interactive prompt; use `--force` to bypass confirmation when deleting local deployment metadata. - Clarified that automatic AI-powered security fixes only affect generated contract files and added instructions for disabling auto-fix or deployment. - Explicitly described safeguards against accidental mainnet deployment—both a funded key and manual mainnet selection are required. - Adjusted required environment variables; `CLAWCONTRACT_OPENROUTER_MODEL` is now optional.
v1.0.7
Version 1.0.7 - Updated required environment variable list to include CLAWCONTRACT_PRIVATE_KEY for deployment. - No functional or code changes detected; documentation and metadata updates only.
v1.0.6
- Updated required environment variables: CLAWCONTRACT_PRIVATE_KEY is no longer required by default. - CLAWCONTRACT_OPENROUTER_MODEL is now listed as a required environment variable. - Installation metadata updated to reflect new environment variable requirements.
v1.0.5
- Updates required binaries and environment variables to accurately reflect the current dependencies. - Removes the need for the separate "slither" binary and package from the installation instructions and requirements. - Expands the list of required environment variables to include all relevant variables in the skill metadata. - No functional changes to code; documentation and metadata only.
v1.0.4
- Updated environment variable names to use the CLAWCONTRACT_ prefix for all configuration and secrets. - Added support for listing and deleting deployment records via new list and delete commands. - Updated dependencies to require both clawcontract and slither binaries. - Provided installation instructions for both node (clawcontract) and uv (slither-analyzer). - Removed .env file generation, standardizing all configuration through environment variables. - Improved documentation for environment setup, especially for docker-compose use cases.
v1.0.3
ClawContract 1.0.3 changelog - Added `--skip-deploy` flag to the `full` command, allowing users to review generated contracts and analysis results before deploying. - Added `--skip-fix` option to disable automatic fix attempts for high-severity analysis issues. - Updated documentation for safety recommendations and flag usage.
v1.0.2
Version 1.0.2 of clawcontract - No code or documentation changes detected in this release. - No updates were made to the SKILL.md or implementation files.
v1.0.1
- Added explicit requirement for the OPENROUTER_API_KEY environment variable. - Updated documentation to clarify that PRIVATE_KEY must be supplied by the user; auto-generation and persistence of deployment keys has been removed. - Added homepage link and installation instructions referencing the official GitHub repository. - Expanded documentation to detail CLI artifact output locations and when files are written. - Improved and reorganized safety notes, emphasizing testnet use for trials and mandatory user-supplied keys.
v1.0.0
- Initial release of ClawContract: an AI-powered CLI tool for generating, analyzing, deploying, and verifying Solidity smart contracts on BNB Chain (BSC/opBNB). - Supports contract generation from natural language, security analysis, compilation, deployment, source verification, and contract interaction. - Works with both mainnet and testnet for BSC and opBNB. - Includes fully non-interactive CLI operation with .env setup and multiple environment variable options. - Safety features: automatic fixes for high-severity issues and extra deployment warnings on mainnets.
Metadata
Slug clawcontract
Version 1.0.8
License
All-time Installs 1
Active Installs 1
Total Versions 9
Frequently Asked Questions

What is clawcontract?

AI-powered smart contract generator, analyzer, and deployer for BNB Chain (BSC/opBNB). Use when you need to generate Solidity from natural language, run secu... It is an AI Agent Skill for Claude Code / OpenClaw, with 769 downloads so far.

How do I install clawcontract?

Run "/install clawcontract" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is clawcontract free?

Yes, clawcontract is completely free (open-source). You can download, install and use it at no cost.

Which platforms does clawcontract support?

clawcontract is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created clawcontract?

It is built and maintained by cvpfus (@sufnoobzac); the current version is v1.0.8.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments