onchain-contract-token-analysis
Analyze smart contracts, token mechanics, permissions, fee flows, upgradeability, market risks, and likely attack surfaces for onchain projects. Use when reviewing ERC-20s, launchpads, vaults, staking systems, LP fee routing, ownership controls, proxy setups, or suspicious token behavior.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/0xrowan/onchain-contract-token-ana
What This Skill Does
The onchain-contract-token-analysis skill provides a specialized framework for auditing, inspecting, and understanding the security and economic posture of smart contracts and tokenized projects. It moves beyond superficial checks to analyze the underlying architecture, permission models, and financial flows of onchain systems. The skill acts as a security analyst, systematically mapping out ownership structures, identifying central points of failure, assessing upgradeability risks (like proxy patterns), and uncovering potentially malicious mechanics such as hidden minting, blacklists, or tax manipulation.
Installation
To integrate this skill into your environment, run the following command in your terminal:
clawhub install openclaw/skills/skills/0xrowan/onchain-contract-token-ana
Use Cases
- Token Due Diligence: Evaluate new tokens before investment by checking for honeypot risks, tax on transfer, and hidden administrative backdoors.
- Protocol Security Review: Analyze decentralized exchanges, staking vaults, or yield aggregators to understand fee routing and fund custody risks.
- Admin Control Assessment: Review contracts to identify who holds "god-mode" privileges, such as the ability to pause trading, blacklist wallets, or update logic implementation via proxies.
- Upgradeability Audits: Verify that proxy-based projects are securely initialized and that upgrade authorities cannot unilaterally drain liquidity or change core logic.
Example Prompts
- "Analyze the contract at 0xABC...123. Specifically, identify if the owner has the power to disable trading or blacklist addresses, and tell me where the transaction fees are routed."
- "Perform a risk assessment on this staking vault. Are there any reentrancy risks or arbitrary call vectors, and is the deposit logic safe for standard ERC-20s?"
- "Review this proxy contract setup. Is the implementation immutable, or can the admin swap the underlying logic to a malicious contract at any time? Check the storage layout stability."
Tips & Limitations
- Depth vs. Breadth: The analysis is most effective when the target contract source code or verified ABI is provided. If source code is hidden, the skill relies on bytecode decompilation and event analysis, which may be less precise.
- Dynamic Risks: Remember that onchain analysis is a snapshot in time; protocol configurations can change if parameters are governed by a DAO or timelock.
- Security Disclaimer: This skill is an analytical aid. It performs pattern matching against known vulnerability signatures and architectural risks, but it is not a substitute for a full-scale manual audit by security researchers.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-0xrowan-onchain-contract-token-ana": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags(AI)
Flags: network-access, code-execution