# ContractKit: Explain

Install: `npx machina-cli add skill HCS412/contractkit/explain --openclaw`

Explain what a contract does, who can do what, and potential risks.
## Usage

`/contractkit:explain [mode]`

Modes:

- standard (default) - Balanced technical explanation
- paranoid - Focus on risks and attack vectors
- vc - Business-focused, what does it enable
- lawyer - Formal, focuses on rights and obligations
## Process

### 1. Read Contract Sources

Read all .sol files in src/:

```shell
find src -name "*.sol"
```
### 2. Read Documentation

Check for:

- README.md
- SECURITY.md
- THREAT_MODEL.md
### 3. Analyze and Generate Report

Generate a report covering:

#### What This Contract Does

- Core functionality in plain language
- What problem it solves
- Key features

#### Who Can Do What

| Role | Capabilities |
|---|---|
| Owner/Admin | ... |
| Minter | ... |
| Anyone | ... |

#### Risk Summary

- Access control risks
- Economic risks
- Technical risks

#### Things to Review Before Mainnet

- Checklist of items to verify
- Suggested auditor focus areas
## Output Format

### Standard Mode

```markdown
## What This Contract Does
[Plain language description]

## Who Can Do What
| Role | Capabilities |
|------|--------------|
| ... | ... |

## Risk Summary
- **Access Control**: [risks]
- **Economic**: [risks]
- **Technical**: [risks]

## Before Mainnet
- [ ] Item 1
- [ ] Item 2
```

### Paranoid Mode

Focus on attack vectors, worst-case scenarios, and trust assumptions.

### VC Mode

Focus on value proposition, market fit, and business model implications.

### Lawyer Mode

Formal language, focus on rights, obligations, and liability considerations.
## Example

User: `/contractkit:explain`

```markdown
## What This Contract Does
This is an ERC20 token with role-based minting. Designated minters
can create new tokens, while a separate admin role controls who
can mint.

## Who Can Do What
| Role | Capabilities |
|------|--------------|
| DEFAULT_ADMIN_ROLE | Grant/revoke roles, including minter |
| MINTER_ROLE | Mint new tokens to any address |
| Token Holder | Transfer, approve, transferFrom |
| Anyone | View balances and allowances |

## Risk Summary
- **Access Control**: Admin key compromise enables unlimited minting
- **Economic**: No supply cap; minters can inflate supply
- **Technical**: Standard OZ implementation, well-tested

## Before Mainnet
- [ ] Transfer admin to multi-sig
- [ ] Implement minting limits or caps
- [ ] Set up monitoring for large mints
- [ ] Get security audit
```
## Source

https://github.com/HCS412/contractkit/blob/main/plugins/contractkit/skills/explain/SKILL.md

## Overview
ContractKit: Explain analyzes Solidity sources and documentation to describe what a contract does, who can act, and associated risks. It distills technical detail into plain language for stakeholders, auditors, and decision-makers, helping teams assess security, governance, and business impact before mainnet.
## How This Skill Works
It scans Solidity sources in src/*.sol, reads README.md, SECURITY.md, and THREAT_MODEL.md, then builds a report with sections: What This Contract Does, Who Can Do What, Risk Summary, and Before Mainnet. It supports four modes (standard, paranoid, vc, lawyer) to match technical or business perspectives.
## When to Use It
- When evaluating a new contract in a repo to understand its core features and risks.
- When presenting to non-technical stakeholders who need a clear rights/permissions view.
- When performing a risk-focused review prior to mainnet deployment (paranoid mode).
- When preparing a legal or compliance briefing (lawyer mode).
- When briefing auditors on what to verify in an audit (checklist focus).
## Quick Start
- Step 1: Run the explain command with a mode, e.g., /contractkit:explain standard.
- Step 2: Read the generated sections: What This Contract Does and Who Can Do What.
- Step 3: Review Risk Summary and Before Mainnet items to prepare for audit or deployment.
## Best Practices
- Read all Solidity sources in src/ to capture core functionality.
- Check README.md, SECURITY.md, and THREAT_MODEL.md for extra context.
- Cross-check the 'Who Can Do What' table with actual access controls in code.
- Choose the mode that best matches the audience (standard for general, paranoid for risk-heavy reviews).
- Include the Before Mainnet checklist and align it with auditor focus areas.
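
The "Who Can Do What" table from Process step 3 and the best practice above of cross-checking that table against the real access controls both come down to the same question: which modifier guards each externally callable function. The following Python script is an added example, not code from ContractKit or the skill: it scans a constructed sample contract (the `RoleToken` contract and its function names are assumed for illustration, not from any real project) with a regex heuristic, groups callable functions by the `onlyRole(...)` or `onlyOwner` guard on them, and renders the table plus heuristic risk flags in the report's markdown shape. It is not a Solidity parser; it is the kind of quick cross-check a reviewer runs before trusting a generated table.

```python
"""Heuristic access-control extractor for a Solidity source file.

Added example (not ContractKit code): builds a 'Who Can Do What' table and
simple risk flags from the modifiers on externally callable functions.
"""
import re
from typing import Dict, List, Optional

# Constructed sample contract for demonstration (assumed; not from any project).
SAMPLE_SOL = """
pragma solidity ^0.8.20;

contract RoleToken {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
    address public owner;

    // privileged paths
    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {}
    function grantRole(bytes32 role, address account) public onlyRole(DEFAULT_ADMIN_ROLE) {}
    function pause() external onlyOwner {}

    // open paths
    function transfer(address to, uint256 amount) public returns (bool) {}
    function balanceOf(address account) public view returns (uint256) {}
    function _update(address from, address to, uint256 value) internal {}
}
"""

# Matches "function name(params) <modifiers>" up to the body brace or ';'.
FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)\s*([^{;]*)[{;]", re.S)
ROLE_MOD_RE = re.compile(r"onlyRole\(\s*(\w+)\s*\)")


def strip_comments(src: str) -> str:
    """Remove /* */ and // comments so commented-out functions are ignored."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def classify_role(mods: str) -> Optional[str]:
    """Map a function's modifier list to the role allowed to call it.

    Returns None for internal/private functions (not externally callable).
    """
    m = ROLE_MOD_RE.search(mods)
    if m:
        return m.group(1)
    if re.search(r"\bonlyOwner\b", mods):
        return "Owner"
    if re.search(r"\b(internal|private)\b", mods):
        return None
    if re.search(r"\b(view|pure)\b", mods):
        return "Anyone (view)"
    return "Anyone"


def extract_functions(src: str) -> List[Dict[str, str]]:
    """List externally callable functions with the role that guards them."""
    found = []
    for m in FUNC_RE.finditer(strip_comments(src)):
        role = classify_role(m.group(3))
        if role is not None:
            found.append({"name": m.group(1), "params": m.group(2).strip(), "role": role})
    return found


def who_can_do_what(src: str) -> Dict[str, List[str]]:
    """Group function names by calling role, in source order."""
    caps: Dict[str, List[str]] = {}
    for fn in extract_functions(src):
        caps.setdefault(fn["role"], []).append(fn["name"])
    return caps


def risk_flags(src: str) -> List[str]:
    """Heuristic risk notes in the spirit of the report's Risk Summary."""
    caps = who_can_do_what(src)
    flags = []
    mint_fns = [f for f in extract_functions(src) if f["name"].lower().startswith("mint")]
    for f in mint_fns:
        if f["role"].startswith("Anyone"):
            flags.append(f"{f['name']} is callable by anyone (unrestricted minting)")
    # No identifier that looks like a supply cap anywhere in the source.
    if mint_fns and not re.search(r"\b(cap|maxSupply|MAX_SUPPLY)\b", src):
        flags.append("No supply cap found; minters can inflate supply")
    for role in ("DEFAULT_ADMIN_ROLE", "Owner"):
        if role in caps:
            flags.append(f"{role} key compromise exposes: {', '.join(caps[role])}")
    return flags


def render_report(src: str) -> str:
    """Render the 'Who Can Do What' table and risk flags as markdown."""
    lines = ["## Who Can Do What", "| Role | Capabilities |", "|------|--------------|"]
    for role, fns in who_can_do_what(src).items():
        lines.append(f"| {role} | {', '.join(fns)} |")
    lines += ["", "## Risk Summary"]
    lines.extend(f"- {flag}" for flag in risk_flags(src))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(SAMPLE_SOL))
```

Run it against a real `src/*.sol` by replacing `SAMPLE_SOL` with the file contents; any role in the generated table that does not match the skill's prose is a prompt to read that function by hand. Inheritance, custom modifiers other than `onlyRole`/`onlyOwner`, and modifiers defined in other files are deliberately out of scope for a regex pass, which is exactly why the table is a cross-check and not the review itself.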
## Example Use Cases
- ERC20 token with role-based minting and admin control.
- Token with minter and admin roles plus standard holder rights (transfer, approve).
- Governance contract with an admin/owner oversight and proposal mechanisms.
- DeFi vault with access control and upgradeability considerations.
- Treasury contract with spending limits and multi-sig review prompts.