📦 Smart

v1.0.0

Audits Solidity contracts for common vulnerabilities and design risks.

by @mzfshark (Mauricio Z. Filho)
Last updated: 2026/4/24
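Security scan
VirusTotal: Benign
OpenClaw: Safe (high confidence)
An instruction-only Solidity audit skill whose requirements and runtime instructions are consistent with its stated purpose; it requests no extra permissions and installs no code.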
Assessment recommendations
This skill is instruction-only and appears coherent for auditing Solidity source files. However: (1) verify the skill author/owner provenance before trusting reports (metadata shows inconsistent author/owner labels); (2) do not feed any private keys, mnemonic phrases, or other secrets as part of the 'scope' input — audits should only include contract source and harmless test artifacts; (3) treat the generated audit as advisory: cross-check findings with standard static analyzers (Slither, Mythri...
Detailed analysis
Purpose and capability
The name, description, and runtime instructions all align: the skill describes checklist-based auditing of Solidity contracts and requires only contract sources as input. Minor metadata inconsistencies exist (author listed as "RedHat Dev" in SKILL.md/_meta.json while registry owner is a different ID), which is a provenance/labeling issue but not a technical mismatch with functionality.
Instruction scope
SKILL.md is explicit and scoped to analyzing the provided `scope` files, mapping entrypoints/roles, checklist review, and producing findings. It does not instruct the agent to read unrelated files, access external endpoints, or exfiltrate data. It also contains safety guidance not to provide exploit code for real targets.
Install mechanism
There is no install spec and no code files. This is instruction-only, so nothing will be downloaded or written to disk by the skill itself.
Credential requirements
The skill declares no required environment variables, credentials, or config paths. There is no disproportionate credential request for the described audit functionality.
Persistence and privileges
The skill does not request always:true and is user-invocable. The skill allows normal autonomous model invocation (platform default), which increases blast radius only in combination with other risks — no such risks are present here.
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Versions

latest · v1.0.0 · 2026/4/24

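smart-contract-audit v1.0.0: initial release, providing deterministic, evidence-based vulnerability review for Solidity contracts. The audit identifies risks such as access-control flaws, reentrancy, accounting errors, and ERC standard compliance. Input supports a custom scope, threat model, and deployment assumptions. Output is a structured YAML audit report with prioritized findings and actionable recommendations. Emphasizes responsible disclosure, reproduction guidance, and clear risk statements.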

Benign

Install command

Official: npx clawhub@latest install axodus-smartcontracts-audits
Mirror: npx clawhub@latest install axodus-smartcontracts-audits --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库