      Safety Report

      Etherlink Skill

      @efekucuk

      Etherlink blockchain interaction - EVM-compatible L2 on Tezos. Supports mainnet and shadownet testnet via MCP server. Use for balance checks, transactions, smart contracts, and token operations on Etherlink.

      1,254 Downloads
      0 Installs
      4 Stars
      1 Versions

      Security Analysis

      medium confidence
      Suspicious · 0.12 risk

      The skill's files and instructions are generally consistent with a blockchain/MCP integration, but there are several practical risks and gaps (unknown source, recommended npx usage, and guidance to place private keys in MCP config) that warrant caution before installing or running anything.

      Feb 11, 2026 · 6 files · 4 concerns

      Purpose & Capability (note)

      The name/description (Etherlink blockchain interaction) matches the included docs, network references, and test script. The skill's instructions focus on configuring an MCP server and using Etherlink RPCs, which is coherent for the stated purpose. Minor concerns: the repository source is unknown, and the references point to an unverified 'yourusername/etherlink-mcp-server' GitHub path and external domains (node.*.etherlink.com), so provenance is unclear.

      Instruction Scope (note)

      SKILL.md stays mostly within expected scope (balance, txs, contracts, network selection). It explicitly instructs adding a PRIVATE_KEY/EVM_PRIVATE_KEY environment variable to the MCP configuration for write operations — which is expected for a wallet-like integration but is sensitive. The docs also instruct running remote packages (npx) or local builds; the guidance does not tell the agent to read unrelated system files or exfiltrate data, but it could cause the agent or user to place secret keys into a process environment that will run third-party code.

      Install Mechanism (concern)

      The skill itself has no install spec, but the included MCP setup docs recommend using 'npx -y etherlink-mcp-server' or cloning/running code (bun run). Using npx (or running an unverified GitHub-sourced server) executes code from external registries/hosts and can run arbitrary code. Because the upstream package/source is unverified here and no official homepage/repository is provided, this is a notable risk.

      Credentials (note)

      The skill does not declare required env vars in metadata, which is correct for an instruction-only skill. However, SKILL.md and mcp-setup.md explicitly recommend setting PRIVATE_KEY / EVM_PRIVATE_KEY in the MCP server env for write operations. Requesting a signing key is proportionate to sending transactions, but storing private keys in MCP config or passing them to npx-run servers is sensitive and should be minimized (use read-only mode, hardware wallets, or ephemeral keys for testing).

      Persistence & Privilege (ok)

      No always:true flag, no installs that modify other skills or system-wide settings. The skill is instruction-only plus a small test script and reference docs; it does not request elevated platform privileges in its metadata.

      Guidance

      This skill appears to be what it says — documentation and a small test script for interacting with an Etherlink RPC — but exercise caution before you run or install any related MCP server code. Specific actions to take before installing/using:

      - Verify origin: ask the publisher for a canonical homepage or repository. Do not run npx or clone/run code from an untrusted/unknown package.
      - Audit server code: if you plan to run an MCP server, fetch its source (git) and review it locally before running. Avoid 'npx -y' for untrusted packages.
      - Protect private keys: never place a high-value private key into a third-party MCP config you haven't audited. Use read-only mode for routine queries; use an ephemeral or testnet key for experiments.
      - Prefer running your own RPC or MCP instance behind your control to avoid sending sensitive signing material to remote code.
      - Test on Shadownet first and confirm RPC endpoints (node.*.etherlink.com) are legitimate and reachable.

      If you cannot verify the upstream package/repository or inspect the MCP server source, treat the recommended install commands (npx, remote builds) as a significant risk and avoid providing real private keys.

      Latest Release

      v1.0.0

      - Initial release of the etherlink-skill (v1.0.0).
      - Enables balance checks, transactions, contract calls, and token operations on Etherlink’s EVM L2 (mainnet & testnet).
      - Supports integration via MCP server, with network selection by name or chain ID.
      - Documents key Etherlink differences (XTZ as native, no EIP-1559, rate limits).
      - Provides code snippets and troubleshooting tips for common use cases.
      - Includes links to documentation, block explorers, and testnet faucet.

      Published by @efekucuk on ClawHub
