Expert Tezos blockchain development guidance. Provides security-first smart contract development, FA1.2/FA2 token standards, gas optimization, and production deployment patterns. Use when building Tezos L1 smart contracts or implementing token standards.
Security Analysis
high confidenceThis is an instruction-only Tezos development guidance skill whose requested capabilities and instructions are consistent with its stated purpose; it asks for no credentials or installs and poses low intrinsic risk — verify the upstream repository before following any shell commands it suggests.
The skill's name/description (Tezos smart contract guidance) matches the SKILL.md content. Minor inconsistency: the SKILL.md lists allowed-tools (e.g., Bash(ligo *), Bash(octez-client *)) and the README suggests cloning a GitHub repo for additional tooling, but the registry metadata declares no required binaries or install steps. This is plausible (instruction-only skill) but you should expect to have ligo/octez-client available if you want the full functionality.
SKILL.md contains guidance, code examples, security patterns, and recommendations for testing/deployment. It does not instruct the agent to read arbitrary system files, export environment secrets, or contact unknown external endpoints. It assumes the user will provide contracts/code to analyze (expected behavior for a developer guidance skill).
No install spec and no code files — lowest-risk model. The README shows optional clone/curl commands to a GitHub repo (https://github.com/efekucuk/tezos-skill). If you follow those, treat them as separate operations and audit the remote repo before running any downloaded scripts or binaries.
The skill declares no required environment variables, credentials, or config paths. README mentions optional adjunct tooling (tezos-mcp server, octez-client, ligo) but does not require keys or tokens in the SKILL.md itself — this is proportionate for a documentation/assistant skill.
always: false and model invocation allowed (normal). The skill does not request persistent or elevated privileges and contains no instructions to modify other skills or global agent settings.
Guidance
This skill is an instruction-only Tezos development guide and appears internally consistent. Before relying on it or running any shell commands from the README: 1) verify the upstream repository (the README links to github.com/efekucuk/tezos-skill) and inspect any scripts you would download; 2) do not paste or expose private keys or secrets to the agent — the skill never needs wallet private keys to provide code guidance; 3) if you plan to run ligo/octez-client commands, run them in a local sandbox or test environment (use Shadownet/Ghostnet, not mainnet) and ensure your CLI tooling comes from official sources; 4) treat the README curl/git clone steps as manual actions to audit rather than automatic installs. If you want higher assurance, request the source repository or a verified homepage from the publisher before installing.
Latest Release
v1.0.1
- Improved overall documentation readability and structure for smart contract developers. - Expanded and clarified security patterns, input validation, and gas optimization guidance. - Updated and modernized LIGO and JsLIGO example code for common entry points and patterns. - Added best practices for contract testing and mainnet deployment, emphasizing Shadownet as the primary testnet. - More thorough coverage of FA2 (TZIP-12) token standard, including required entry points and callback usage.
More by @efekucuk
Published by @efekucuk on ClawHub
