Is 0xbreadguy/megaeth-ai-developer-skills safe?

https://github.com/openclaw/skills/tree/main/skills/0xbreadguy/megaeth-ai-developer-skills

93
SAFE

This skill is a comprehensive, well-structured MegaETH blockchain development guide containing only markdown documentation and JSON metadata. No executable code, no data exfiltration patterns, no prompt injection techniques, and no suspicious clone-time behavior were detected. All network activity during installation was limited to expected GitHub and Ubuntu services. The only minor concerns are hardcoded contract addresses that require trust in the skill author and opinionated defaults that guide agent behavior toward specific implementation patterns.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (6)

LOW Opinionated default stack decisions guide agent behavior -5

The skill establishes opinionated defaults ('eth_sendRawTransactionSync first', 'skip estimation when possible', 'hardcode gas limits to save round-trip') that shape how the agent approaches MegaETH development tasks. While these are standard developer guide patterns and not malicious, they do steer agent behavior toward specific implementation choices without requiring explicit user opt-in.

INFO External URL references in documentation -5

The skill references multiple external URLs (docs.megaeth.com, GitHub repositories, Kyber Network API, block explorers) as documentation links. These are informational references, not fetch instructions, but an agent with web browsing capabilities might follow them to load additional context.

LOW Wallet private key handling instructions -5

The skill includes code examples showing private key usage (privateKeyToAccount('0x...'), new ethers.Wallet('0x...privateKey')). While these are standard blockchain development patterns and carry appropriate security warnings, an agent following them could end up handling real private keys in the conversation context.

INFO Shell commands in documentation examples -5

Documentation includes shell commands for tooling installation (git clone, cargo build) and deployment (forge script --broadcast). These are standard developer workflow commands documented as examples, not auto-executed, but an agent could execute them if instructed by a user.

INFO Hardcoded contract addresses require trust in skill author -10

The skill hardcodes the bridge contract address (0x0CA3A2FBC3D770b578223FBB6b062fa875a2eE75), WETH (0x4200...0006), the MEGA token, and other contract addresses. Users must trust that these are legitimate. A malicious skill author could substitute attacker-controlled addresses to redirect funds.

INFO Cross-skill reference to warren-deploy -5

The skill references another ClawHub skill (planetai87/warren-deploy) for on-chain website deployment. While this is a legitimate ecosystem cross-reference, it means the skill's effective scope expands if both skills are installed.