← 返回 Skills 市场
tenequm

Foundry Solidity

作者 Misha Kolesnik · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
107
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install foundry-solidity
功能描述
Build and test Solidity smart contracts with Foundry toolkit. Use when developing Ethereum contracts, writing Forge tests, deploying with scripts, or debuggi...
使用说明 (SKILL.md)

Foundry Solidity Development

Complete guide for building secure, efficient smart contracts with Foundry 1.5.0 and Solidity 0.8.30.

When to Use This Skill

  • Developing Ethereum/EVM smart contracts
  • Writing Forge tests (unit, fuzz, invariant, fork)
  • Deploying contracts with scripts
  • Using Foundry tools (forge, cast, anvil, chisel)
  • Working with foundry.toml, *.t.sol, *.s.sol files
  • Debugging transactions and contract interactions

Quick Start

# Create new project
forge init my-project && cd my-project

# Build contracts
forge build

# Run tests
forge test

# Deploy (dry-run)
forge script script/Deploy.s.sol --rpc-url sepolia

# Deploy (broadcast)
forge script script/Deploy.s.sol --rpc-url sepolia --broadcast --verify

Project Structure

my-project/
├── foundry.toml          # Configuration
├── src/                  # Contracts
│   └── Counter.sol
├── test/                 # Tests (*.t.sol)
│   └── Counter.t.sol
├── script/               # Deploy scripts (*.s.sol)
│   └── Deploy.s.sol
└── lib/                  # Dependencies
    └── forge-std/

Core Commands

Build & Test

forge build                          # Compile
forge test                           # Run all tests
forge test -vvvv                     # With traces
forge test --match-test testDeposit  # Filter by test name
forge test --match-contract Vault    # Filter by contract
forge test --fork-url $RPC_URL       # Fork testing
forge test --gas-report              # Gas usage report

Deployment

# Single contract
forge create src/Token.sol:Token --rpc-url sepolia --private-key $KEY --broadcast

# Script deployment (recommended)
forge script script/Deploy.s.sol:Deploy --rpc-url sepolia --broadcast --verify

# Verify existing contract
forge verify-contract $ADDRESS src/Token.sol:Token --chain sepolia

Cast - Blockchain Interactions

cast call $CONTRACT "balanceOf(address)" $USER --rpc-url mainnet
cast send $CONTRACT "transfer(address,uint256)" $TO $AMOUNT --private-key $KEY
cast decode-tx $TX_HASH
cast storage $CONTRACT 0 --rpc-url mainnet

Anvil - Local Node

anvil                           # Start local node
anvil --fork-url $RPC_URL       # Fork mainnet
anvil --fork-block-number 18000000

Basic Test Contract

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.30;

import {Test, console} from "forge-std/Test.sol";
import {Counter} from "../src/Counter.sol";

contract CounterTest is Test {
    Counter public counter;
    address public user;

    function setUp() public {
        counter = new Counter();
        user = makeAddr("user");
        deal(user, 10 ether);
    }

    function test_Increment() public {
        counter.increment();
        assertEq(counter.number(), 1);
    }

    function test_RevertWhen_Unauthorized() public {
        vm.expectRevert("Unauthorized");
        vm.prank(user);
        counter.adminFunction();
    }

    function testFuzz_SetNumber(uint256 x) public {
        x = bound(x, 0, 1000);
        counter.setNumber(x);
        assertEq(counter.number(), x);
    }
}

Essential Cheatcodes

// Identity & ETH
address alice = makeAddr("alice");          // Create labeled address
deal(alice, 10 ether);                      // Give ETH
deal(address(token), alice, 1000e18);       // Give ERC20

// Impersonation
vm.prank(alice);                            // Next call as alice
vm.startPrank(alice);                       // All calls as alice
vm.stopPrank();

// Time & Block
vm.warp(block.timestamp + 1 days);          // Set timestamp
vm.roll(block.number + 100);                // Set block number

// Assertions
vm.expectRevert("Error message");           // Expect revert
vm.expectRevert(CustomError.selector);      // Custom error
vm.expectEmit(true, true, false, true);     // Expect event
emit Transfer(from, to, amount);            // Must match next emit

// Storage
vm.store(addr, slot, value);                // Write storage
vm.load(addr, slot);                        // Read storage

Deploy Script

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.30;

import {Script, console} from "forge-std/Script.sol";
import {Counter} from "../src/Counter.sol";

contract Deploy is Script {
    function run() external {
        uint256 deployerKey = vm.envUint("PRIVATE_KEY");

        vm.startBroadcast(deployerKey);
        Counter counter = new Counter();
        counter.setNumber(42);
        vm.stopBroadcast();

        console.log("Deployed to:", address(counter));
    }
}

Modern Solidity Patterns (0.8.30)

// Custom errors (gas efficient)
error InsufficientBalance(uint256 available, uint256 required);

// Transient storage (0.8.28+) - cheap reentrancy guard
bool transient locked;
modifier nonReentrant() {
    require(!locked, "Reentrancy");
    locked = true;
    _;
    locked = false;
}

// Immutable variables (cheap reads)
address public immutable owner;

// Named mapping parameters
mapping(address user => uint256 balance) public balances;

// require with custom error (0.8.26+)
require(amount \x3C= balance, InsufficientBalance(balance, amount));

Configuration (foundry.toml)

[profile.default]
src = "src"
out = "out"
libs = ["lib"]
solc = "0.8.30"
optimizer = true
optimizer_runs = 200
evm_version = "prague"

fuzz.runs = 256
invariant.runs = 256
invariant.depth = 50

[rpc_endpoints]
mainnet = "${MAINNET_RPC_URL}"
sepolia = "${SEPOLIA_RPC_URL}"

[etherscan]
mainnet = { key = "${ETHERSCAN_API_KEY}" }
sepolia = { key = "${ETHERSCAN_API_KEY}" }

[profile.ci]
fuzz.runs = 10000
invariant.runs = 1000

References

For detailed guides, see:

  • Testing: See references/testing.md for complete testing patterns (unit, fuzz, invariant, fork), all cheatcodes, and best practices
  • forge-std API: See references/forge-std-api.md for complete library reference (150+ functions)
  • Solidity 0.8.30: See references/solidity-modern.md for new features and modern syntax
  • Deployment: See references/deployment.md for scripting, verification, and multi-chain deployment
  • Configuration: See references/configuration.md for all foundry.toml options
  • Gas Optimization: See references/gas-optimization.md for storage packing, compiler settings, and profiling
  • Patterns: See references/patterns.md for access control, reentrancy guards, factories, and common idioms
  • Security: See references/security.md for vulnerabilities, defensive patterns, and audit preparation
  • Resources: See references/resources.md for official docs, libraries, security tools, and learning paths
  • Debugging: See references/debugging.md for traces, breakpoints, console.log, and the interactive debugger
  • Dependencies: See references/dependencies.md for forge install, remappings, and Soldeer package manager
  • CI/CD: See references/cicd.md for GitHub Actions workflows, caching, and gas tracking
  • Chisel: See references/chisel.md for the interactive Solidity REPL
  • Cast Advanced: See references/cast-advanced.md for decoding, encoding, wallet management, and batch operations
  • Anvil Advanced: See references/anvil-advanced.md for impersonation, state manipulation, and mining modes
安全使用建议
This skill is a legitimate and detailed Foundry guide for compiling, testing, debugging, and deploying Solidity contracts. Two things to watch before installing/using it: (1) SKILL.md repeatedly references sensitive environment variables (PRIVATE_KEY, ETHERSCAN_API_KEY, RPC URLs, etc.) but the skill metadata does not declare any required env vars — treat that as a red flag and assume the instructions will try to read those variables if present. (2) The guide describes powerful operations (impersonation, setting code/storage, broadcasting transactions). Only run this skill in a trusted, isolated environment and never expose real private keys to an untrusted agent. Recommendations: (a) do not provide production/private keys to the agent; use ephemeral or empty keys for experimentation; (b) run in a sandboxed environment or CI runner with scoped secrets; (c) if you want to proceed, ask the maintainer to update the skill metadata to explicitly list required env vars and justify their use; (d) review any deployment scripts (foundry.toml and script/*.s.sol) in your repo for vm.env* usage before allowing the agent to run them. If the maintainer confirms this is purely a documentation skill (no autonomous secret access), that would raise confidence to benign.
功能分析
Type: OpenClaw Skill Name: foundry-solidity Version: 0.1.0 The skill bundle is a comprehensive and legitimate toolkit for Solidity smart contract development using the Foundry suite (forge, cast, anvil, chisel). It provides extensive documentation, code examples, and configuration templates aligned with industry best practices for Ethereum development. While the instructions in SKILL.md and the reference files (such as deployment.md and cicd.md) guide the agent to use sensitive data like private keys and RPC URLs via environment variables, this is the standard and intended operation for the Foundry toolchain. No evidence of malicious intent, unauthorized data exfiltration, or harmful prompt injection was found.
能力评估
Purpose & Capability
The name and description match the instructions: this is a Foundry (forge/cast/anvil/chisel) development guide. All included commands and references (tests, deploy scripts, anvil cheatcodes) are coherent with that purpose. However, the skill metadata declares no required environment variables or credentials while the SKILL.md repeatedly references sensitive env vars (PRIVATE_KEY, ETHERSCAN_API_KEY, MAINNET_RPC_URL, etc.), which is an inconsistency between advertised requirements and the actual usage in instructions.
Instruction Scope
SKILL.md contains explicit runtime instructions that exercise powerful local dev and chain-interaction operations: reading vm.env* values, broadcasting transactions with --private-key, impersonation (anvil impersonate), setCode/setStorage RPCs, and forking mainnet. These are expected for Foundry usage, but they require caution because they rely on environment secrets and manipulate chain state. The instructions do not instruct reading arbitrary user files or transmitting data to unknown external endpoints beyond typical RPC/explorer services, and they are fairly specific rather than open-ended.
Install Mechanism
No install specification and no code files with executable install steps are present — the skill is instruction-only. That minimizes filesystem/executable risk; nothing is downloaded or written by the skill itself.
Credentials
The SKILL.md references many sensitive environment variables and credential names (e.g., PRIVATE_KEY, ETHERSCAN_API_KEY, MAINNET_RPC_URL, SEPOLIA_RPC_URL, DEPLOYER_PRIVATE_KEY, TEST_ADMIN). Yet the skill metadata declares no required env vars or primary credential. This mismatch is concerning because an agent following these instructions may attempt to read environment variables or use secrets that weren’t declared or scoped by the skill metadata. The number and sensitivity of referenced env vars are proportionate to deployment/testing tasks, but they should be declared explicitly so users know the skill will access them.
Persistence & Privilege
always:false and no install steps mean the skill does not request permanent/force-installed presence. Model invocation is allowed (default) but that is normal for skills. The skill does not attempt to modify other skills or system-wide agent settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install foundry-solidity
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /foundry-solidity 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial publish
元数据
Slug foundry-solidity
版本 0.1.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Foundry Solidity 是什么?

Build and test Solidity smart contracts with Foundry toolkit. Use when developing Ethereum contracts, writing Forge tests, deploying with scripts, or debuggi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 107 次。

如何安装 Foundry Solidity?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install foundry-solidity」即可一键安装,无需额外配置。

Foundry Solidity 是免费的吗?

是的,Foundry Solidity 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Foundry Solidity 支持哪些平台?

Foundry Solidity 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Foundry Solidity?

由 Misha Kolesnik(@tenequm)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论