Official Verified developer tools Safety 4/5

onchain-contract-token-analysis

Analyze smart contracts, token mechanics, permissions, fee flows, upgradeability, market risks, and likely attack surfaces for onchain projects. Use when reviewing ERC-20s, launchpads, vaults, staking systems, LP fee routing, ownership controls, proxy setups, or suspicious token behavior.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/0xrowan/onchain-contract-tokens

Download Source Code (.zip)

What This Skill Does

The onchain-contract-token-analysis skill is a sophisticated security and architecture review engine for OpenClaw. It enables you to perform deep-dive audits of smart contracts, ranging from simple ERC-20 tokens to complex multi-module protocol systems. The skill systematically maps out ownership structures, evaluates privileged functions, traces fee routing, identifies hidden tax or blacklist logic, and detects common attack vectors such as reentrancy or unsafe external calls. It effectively acts as a security auditor that translates dense Solidity bytecode and ABI structures into human-readable risk assessments.

Installation

To integrate this analysis engine into your environment, use the OpenClaw command-line interface: clawhub install openclaw/skills/skills/0xrowan/onchain-contract-tokens

Use Cases

Security Auditing: Rapidly identify potential drainers or rug-pull mechanisms in new token contracts.
Protocol Due Diligence: Understand the trust assumptions of a staking vault before depositing capital.
Governance Analysis: Determine the extent of administrative control and the potential for unilateral rug-pulls by protocol owners.
Bug Bounty Discovery: Proactively scout for common vulnerabilities like missing deadline checks in routers or unsafe storage layouts in proxy patterns.
Tokenomics Validation: Verify if transfer fees, liquidity locks, or minting schedules align with project whitepapers.

Example Prompts

"Analyze this token contract address [0x...] and tell me if the owner has the ability to blacklist wallets or change transfer fees at will."
"Review the staking vault architecture here [link/code]. Explain how yield is generated, where the fees go, and if the contract is upgradeable by the deployer."
"Perform a risk assessment on this liquidity pool router. Are there reentrancy risks or missing slippage protections in the swap functions?"

Tips & Limitations

Context is King: Providing the contract source code or Etherscan/Blockscout link is essential for high-fidelity output. The more context you provide, the better the analysis.
Not a Formal Audit: While this skill is robust, it does not replace a comprehensive human-led manual audit. Always perform your own due diligence before deploying or interacting with unverified contracts.
Proxy Complexity: When dealing with transparent or UUPS proxies, ensure you provide both the proxy and the implementation address to receive an accurate assessment of the logic layer.
State Variability: Onchain state can change; if a contract is upgradeable, note that an analysis performed today may be invalidated by an implementation upgrade tomorrow.

Read Full Documentation on GitHub

Metadata

Author@0xrowan

Stars4473

Updated2026-05-01

View Author Profile

AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-0xrowan-onchain-contract-tokens": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#smart-contract#security#blockchain#defi#auditing

Safety Score: 4/5

Flags: network-access, code-execution

Related Skills