xiaominger

solidity-audit

Author: Jango · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 150
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install solidity-audit
Description
Solidity smart contract security audit assistant following EEA EthTrust V3 specification. Performs structured audit workflow: vulnerability scanning, securit...
Security usage advice
This skill appears coherent and appropriate for performing Solidity audits. Before installing or running its advised commands: 1) review any remote installer scripts (the Foundry curl installer) and prefer official sites/releases; 2) pin and verify tool versions (pip/cargo packages) to avoid unexpected updates; 3) run installations and scans in an isolated environment (container/VM) to limit risk; 4) do not upload private keys, .env files, or unrelated secrets as part of the code to be audited; and 5) inspect the included scripts (scripts/init_audit.py) to confirm they only create local scaffolding (they do). If you want higher assurance, ask the publisher for a signed release or run the toolchain installs manually under your control.
Functional analysis
Type: OpenClaw Skill
Name: solidity-audit
Version: 1.0.1
The bundle provides a professional Solidity audit framework based on EEA EthTrust V3 and Secureum standards. It is classified as suspicious because SKILL.md contains high-risk instructions for the AI agent to execute shell commands, including 'curl | bash' for Foundry installation and various 'pip'/'cargo' installs for security tools. While these capabilities are plausibly required for the stated purpose of performing automated security scans, they grant the agent broad execution power. No evidence of intentional malice, data exfiltration, or obfuscation was found in the Python initialization script (scripts/init_audit.py) or the extensive documentation.
Capability assessment
Purpose & Capability
Name/description match the contents: SKILL.md, audit templates, checklists, and a small init script all align with a structured Solidity audit workflow. Required env, binaries, and config paths are empty (reasonable for an instruction-first audit helper).
Instruction Scope
Runtime instructions stay within audit scope (static analysis, tests, manual review, report generation). The SKILL.md asks the user/agent to examine project source, compiler settings, docs, and run audit tools — all expected for this purpose. It does not instruct exfiltration or accessing unrelated system credentials.
Install Mechanism
The registry has no install spec, but SKILL.md includes commands that fetch and install third‑party tooling (pip install slither-analyzer, cargo install aderyn, and a curl-based Foundry installer). These are common for this domain but involve network downloads and running remote scripts; users should verify sources and versions before executing.
Credentials
The skill declares no required credentials or config paths and the included files do not request secrets. Note: actual audits require access to the project's source (which may contain secrets or keys); only provide code you control and strip unrelated sensitive files before running automated scans.
Persistence & Privilege
Skill does not request always:true, does not modify other skills or system-wide settings, and the included script only scaffolds a local audit project directory. No persistent agent privileges are requested.
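How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install solidity-audit
  3. Once installation completes, invoke the Skill by name or trigger it with /solidity-audit
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history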
v1.0.1
No user-facing or functional changes in this version.
  - No file changes detected between versions 1.0.0 and 1.0.1.
  - Documentation and skill capabilities remain the same.
v1.0.0
Solidity-audit 1.0.0
  - Provides a smart contract security audit assistant based on EEA EthTrust V3 specification
  - Performs structured audit workflow: vulnerability scanning, security analysis, and audit report generation
  - Detects key vulnerabilities including reentrancy, integer overflow, access control, and more
  - Integrates with static analysis tools (Slither/Aderyn) and Foundry testing
  - Supports both English and Chinese audit triggers and detailed guidance for quick and comprehensive audits
Metadata
Slug: solidity-audit
Version: 1.0.1
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 2
FAQ

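What is solidity-audit?

Solidity smart contract security audit assistant following EEA EthTrust V3 specification. Performs structured audit workflow: vulnerability scanning, securit... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 150 total downloads to date.

How do I install solidity-audit?

Run the command "/install solidity-audit" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is solidity-audit free?

Yes, solidity-audit is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does solidity-audit support?

solidity-audit runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed solidity-audit?

It is developed and maintained by Jango (@xiaominger); the current version is v1.0.1.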
