← 返回 Skills 市场
Solidity LSP
作者
bowen31337
· GitHub ↗
· v1.0.0
1147
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install solidity-lsp
功能描述
Solidity language server providing smart contract development support including compilation, linting, security analysis, and code intelligence for .sol files. Use when working with Ethereum smart contracts, Substrate pallets, or any Solidity code that needs compilation, security checks, gas optimization, or code navigation. Essential for ClawChain pallet development.
安全使用建议
This skill is not malicious but is inconsistent and has a few risky recommendations. Before installing or following the instructions: (1) Note the mismatch — the skill advertises an LSP but contains only CLI instructions; if you need an LSP, install/verify a real Solidity language-server package. (2) Avoid running curl | bash blindly (Foundry installer); fetch the script separately and inspect it, or use the official package manager instructions. (3) Never place private keys in plain environment variables on a shared machine; use a hardware wallet, temporary keys, or an isolated environment for deployments. (4) Prefer installing solc/solhint/slither from official, versioned sources and run them in a sandbox or container if you are unsure. (5) Because the skill is instruction-only, the agent will not automatically access your files or keys — but if you tell the agent to run these commands, those commands will run with your user privileges. If you want this skill for IDE LSP features, request or look for a skill that actually installs/configures a language-server (LSP) implementation and cites a trustworthy source.
功能分析
Type: OpenClaw Skill
Name: solidity-lsp
Version: 1.0.0
The skill bundle is classified as suspicious due to the use of `curl -L ... | bash` for installing Foundry in `references/frameworks.md`. While this method is common for installing developer tools and the URL points to the official Foundry domain, it represents a high-risk capability as it executes arbitrary code directly from the internet, which could be exploited if the remote server were compromised. There is no clear evidence of intentional malicious behavior like data exfiltration or prompt injection against the agent, but the installation method itself introduces a significant supply chain risk.
能力评估
Purpose & Capability
The skill is named and described as a 'Solidity LSP' (language server / code intelligence) but the SKILL.md only contains instructions for installing and running CLI tools (solcjs, solhint, slither) and framework docs. There is no LSP implementation, no server integration, and nothing that provides language-server protocol hooks. It also claims to be 'essential for ClawChain pallet development' even though ClawChain sections discuss ink! (Rust) — the scope and claims do not align.
Instruction Scope
The runtime instructions are limited to installing and running compilers, linters, and analyzers — they do not instruct the agent to read arbitrary host files or exfiltrate data. However the references/frameworks.md includes example Hardhat config that uses SEPOLIA_URL and PRIVATE_KEY environment variables for deployments, which could lead users to place sensitive keys in env vars. The instructions also suggest running networked installers and security tools (slither) that may require additional privileges.
Install Mechanism
This is an instruction-only skill (no install spec), but it recommends installing Foundry via a curl | bash bootstrap (curl -L https://foundry.paradigm.xyz | bash). That pattern downloads and executes a remote script and is higher-risk than using a reviewed package manager. It also recommends global npm installs and pip installs; these are normal but can alter the system and should be run deliberately.
Credentials
The skill declares no required env vars or credentials (good), but the included framework examples show using SEPOLIA_URL and PRIVATE_KEY in hardhat config. The skill doesn't itself require those creds, but its docs encourage patterns (env-stored private keys) that are sensitive. No unexpected external API keys or unrelated credentials are requested by the skill.
Persistence & Privilege
The skill is instruction-only, has no install-time persistence, and does not request always:true or elevated platform privileges. It will not be force-included or modify other skill configs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install solidity-lsp - 安装完成后,直接呼叫该 Skill 的名称或使用
/solidity-lsp触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Solidity language server for smart contract development, compilation, security analysis.
元数据
常见问题
Solidity LSP 是什么?
Solidity language server providing smart contract development support including compilation, linting, security analysis, and code intelligence for .sol files. Use when working with Ethereum smart contracts, Substrate pallets, or any Solidity code that needs compilation, security checks, gas optimization, or code navigation. Essential for ClawChain pallet development. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1147 次。
如何安装 Solidity LSP?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install solidity-lsp」即可一键安装,无需额外配置。
Solidity LSP 是免费的吗?
是的,Solidity LSP 完全免费(开源免费),可自由下载、安装和使用。
Solidity LSP 支持哪些平台?
Solidity LSP 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Solidity LSP?
由 bowen31337(@bowen31337)开发并维护,当前版本 v1.0.0。
推荐 Skills