onchain contract token analysis
by @0xrowan
Analyze smart contracts, token mechanics, permissions, fee flows, upgradeability, market risks, and likely attack surfaces for onchain projects. Use when rev...
clawhub install onchain-contract-token-analyπ About This Skill
name: onchain-contract-token-analysis description: Analyze smart contracts, token mechanics, permissions, fee flows, upgradeability, market risks, and likely attack surfaces for onchain projects. Use when reviewing ERC-20s, launchpads, vaults, staking systems, LP fee routing, ownership controls, proxy setups, or suspicious token behavior. user-invocable: true metadata: {"openclaw":{"emoji":"π","skillKey":"onchain-contract-token-analysis"}}
Onchain Contract / Token Analysis
Use this skill when the task is to assess a token, protocol, launch module, vault, staking system, router, or related onchain project from a security, permissions, tokenomics, or behavior perspective.
Core objective
Produce a practical analysis that answers:
Workflow
1. Identify the scope
First determine which of these the request actually targets:
If the scope is unclear, infer it from the files, addresses, ABI names, deployment scripts, or docs.
2. Map the architecture
Before judging risk, build a compact model of the system:
Prefer a short system map over long prose.
3. Check control and permissions
Always verify:
owner, admin, governor, operator, manager, signerCall out who can do what, and whether those powers are bounded or dangerous.
4. Check token mechanics
For ERC-20 and tokenized systems, verify:
If the token claims to be standard, confirm whether behavior actually matches that claim.
5. Check fee and value flow
Trace where user funds or protocol fees go:
Do not just name recipients. Explain whether they are:
6. Check upgradeability and mutability
If proxies or modules exist, verify:
If not upgradeable, still check whether behavior can change through configurable modules.
7. Check attack surface
Look for:
When risk depends on business assumptions, state that explicitly.
8. Check market-facing risk
When the target is a token or launch flow, explicitly assess:
Do not overclaim. Distinguish:
Output format
Default to this structure:
Summary
One short paragraph stating what the system is and the top conclusion.
Findings
List issues in severity order:
Trust model
State:
Token / fee flow
Explain:
Open questions
List anything blocked by missing source, missing ABI, missing deployment info, or offchain dependencies.
Special guidance
When reviewing a suspicious token
Be precise:
When reviewing a launch module
Always distinguish:
When chain data is required
If the task depends on live state, verify with current chain or explorer data instead of assuming from source alone.