etherscan-verification
Audited by Gen Agent Trust Hub on Feb 12, 2026
The skill 'etherscan-verification' is a set of markdown files (SKILL.md, references/examples.md, references/special-cases.md, references/troubleshooting.md) and a Python script (scripts/extract_constructor_args.py).
- Prompt Injection: No direct prompt injection patterns (e.g., 'IMPORTANT: Ignore previous instructions') were found in the skill's markdown content or Python script. The skill's instructions are clear and do not attempt to manipulate the AI's behavior.
- Data Exfiltration: No sensitive file paths (e.g., `~/.aws/credentials`, `~/.ssh/id_rsa`) are accessed. Network operations are limited to legitimate Etherscan-compatible APIs (e.g., `https://api.etherscan.io/v2/api?chainid=...`) using `curl` for API key testing, which targets a whitelisted domain (etherscan.io). The skill uses environment variables (`$ETHERSCAN_API_KEY`) for API keys, which is a good practice. No data exfiltration to non-whitelisted or suspicious domains was detected.
- Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were found in any of the skill files.
- Unverifiable Dependencies: The skill relies on external tools and libraries:
  - Foundry (`forge`, `cast`): The skill explicitly requires Foundry to be installed (Foundry ≥1.3.6). Foundry is a well-known and trusted blockchain development toolkit. This reliance is noted as a LOW severity finding (Trusted External Source).
  - OpenZeppelin Contracts: The skill references `node_modules/@openzeppelin/contracts/...` for proxy verification. OpenZeppelin is a highly trusted source for smart contract libraries. The skill instructs users to run `bun install` or `npm install` / `yarn` for project dependencies, which would include OpenZeppelin. This reliance is noted as a LOW severity finding (Trusted External Source).
  - `scripts/extract_constructor_args.py`: This is a local Python script provided with the skill. Its code (as described in the markdown) performs string manipulation on hexadecimal input and does not introduce external dependencies or malicious behavior. It uses standard Python libraries (`sys`, `re`).
- Privilege Escalation: No commands attempting to escalate privileges (e.g., `sudo`, `chmod +x`, `chmod 777`, service installations) were found.
- Persistence Mechanisms: No attempts to establish persistence (e.g., modifying `.bashrc`, `crontab`, `authorized_keys`) were found.
- Metadata Poisoning: The skill's `name` and `description` fields are benign and accurately reflect its purpose.
- Indirect Prompt Injection: The skill instructs the user to execute various `bash` commands (`forge`, `cast`, `jq`, `grep`, `diff`, `cat`, `python`) and provides placeholders for user-supplied inputs (e.g., `<CONTRACT_ADDRESS>`, `<CHAIN_ID>`, `<ABI_ENCODED_ARGS>`). While the skill itself does not contain malicious injection, there is an inherent, low risk that if a user provides maliciously crafted input to these commands, it could potentially lead to unintended command execution. This is a general risk associated with any skill that processes user input for command-line tools. This is noted as a LOW severity finding (Informational risk).
- Time-Delayed / Conditional Attacks: No time-delayed or conditional attack patterns were detected.
Conclusion: The skill is well-documented and focuses on a legitimate development task. The identified 'threats' are primarily inherent risks associated with using command-line tools and external dependencies in a development environment, rather than malicious intent within the skill's code or instructions. The reliance on trusted external tools and the explicit nature of the commands mitigate these risks to a low level.