megaeth-developer
End-to-end MegaETH development playbook (Feb 2026). Covers wallet operations, token swaps (Kyber Network), eth_sendRawTransactionSync (EIP-7966) for instant receipts, JSON-RPC batching, real-time mini-block subscriptions, storage-aware contract patterns (Solady RedBlackTreeLib), MegaEVM gas model, WebSocket keepalive, bridging from Ethereum, and debugging with mega-evme. Use when building on MegaETH, managing wallets, sending transactions, or deploying contracts.
89
86%
Does it follow best practices?
Impact
91%
2.06xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Security
2 findings — 2 medium severity. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and interpret live public third‑party data (e.g., Kyber aggregator API calls in wallet-operations.md and WebSocket mini-block subscriptions to wss://mainnet.megaeth.com/ws in frontend-patterns.md, plus public RPC responses across rpc-methods.md) and uses those responses to build transactions and drive subsequent actions, exposing the agent to untrusted external content that could influence behavior.
W009: Direct money access capability detected (payment gateways, crypto, banking)
What this means
The skill is specifically designed for direct financial operations, giving the agent the ability to move money or execute financial transactions — such as payment processing, cryptocurrency operations, banking integrations, or market order execution.
Why it was flagged
Direct money access detected (high risk: 1.00). The skill is explicitly designed for blockchain financial operations. It includes wallet setup/management, signing and submitting transactions (eth_sendRawTransactionSync / "sign locally → eth_sendRawTransactionSync"), token swaps via the Kyber Network aggregator, bridging ETH, and RPC methods for sending and monitoring transactions. These are specific crypto/blockchain execution capabilities (wallets, swaps, signing, transaction submission), so it grants direct financial execution authority.
- Repository
- Demerzels-lab/elsamultiskillagent
- Commit
45f9fac
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.