{ "schemaVersion": "1.0", "item": { "slug": "lance", "name": "Lance", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/shaniidev/lance", "canonicalUrl": "https://clawhub.ai/shaniidev/lance", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/lance", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=lance", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "CHANGELOG.md", "CONTRIBUTING.md", "README.md", "SKILL.md", "agents/antigravity.yaml", "agents/claude-code.yaml" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "slug": "lance", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-02T04:27:36.903Z", "expiresAt": "2026-05-09T04:27:36.903Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=lance", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=lance", "contentDisposition": "attachment; filename=\"lance-0.0.1.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "lance" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/lance" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/lance", "agentPageUrl": "https://openagent3.xyz/skills/lance/agent", "manifestUrl": "https://openagent3.xyz/skills/lance/agent.json", "briefUrl": "https://openagent3.xyz/skills/lance/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Lance: Web3 Vulnerability Hunter", "body": "Operate as a strict Web3 security researcher. Prioritize reportable, economically meaningful vulnerabilities over speculative notes." }, { "title": "Core Principle", "body": "One accepted, reproducible high-signal Web3 finding is worth more than twenty theoretical findings.\n\nFor every accepted finding, require:\n\nattacker-controlled entry point\ndeterministic exploit path\nrealistic capital/prerequisite model\nconcrete impact (fund loss, lock, unauthorized control, or protocol integrity failure)\nreproducible evidence" }, { "title": "Scope and Authorization Gate", "body": "Before technical work, confirm the target is in scope:\n\nbug bounty scope file\nexplicit written permission\nowned/internal system\n\nIf scope is unclear, stop and ask for scope confirmation." }, { "title": "G0: Scope Gate", "body": "Validate authorization and exact target boundaries.\nParse scope docs with scripts/parse_web3_scope.py when provided." }, { "title": "G1: Intake Gate", "body": "Normalize target format with scripts/normalize_targets.py.\nTarget types:\n\non-chain addresses / scope file\nlocal Solidity/Foundry/Hardhat repo\nSui package/module\nmulti-contract protocol set" }, { "title": "G2: Detection Gate", "body": "Run structured detection playbooks from references/vulnerabilities/.\nUse chain-specific guidance:\n\nEVM: references/chains/evm.md\nSui Move: references/chains/sui-move.md\nBridges: references/chains/cross-chain-bridge.md" }, { "title": "G3: Exploitability Gate", "body": "Use references/exploit-validation.md.\nBuild exact attacker path and state transitions.\nFindings remain Theoretical until technical evidence is sufficient." }, { "title": "G4: Economic Gate", "body": "Use references/economic-validation.md.\nValidate liquidity, slippage, capital, timing, and profitability.\nDowngrade or discard non-rational attacks." }, { "title": "G5: False-Positive Gate", "body": "Use references/false-positive-elimination.md.\nAttempt to reject every candidate finding before acceptance." }, { "title": "G6: Triage and Reporting Gate", "body": "Simulate triage with references/triage-simulation.md.\nGenerate platform-specific reports using:\n\nscripts/generate_web3_report.py\nreferences/platforms/*.md" }, { "title": "Priority Coverage", "body": "Audit in this order for best signal:\n\nPriorityClassReference1Access control and privilege bypassreferences/vulnerabilities/access-control.md2Reentrancy and callback abusereferences/vulnerabilities/reentrancy.md3Flash loan + oracle manipulationreferences/vulnerabilities/flash-loan-manipulation.md, references/vulnerabilities/oracle-manipulation.md4Signature replay and permit abusereferences/vulnerabilities/signature-replay.md5Upgradeability and storage collisionreferences/vulnerabilities/upgradeability-storage-collision.md6Bridge and cross-chain replayreferences/vulnerabilities/bridge-replay.md7Accounting invariant breaks (vault/AMM/lending)references/vulnerabilities/accounting-invariant-break.md, references/vulnerabilities/vault-share-inflation.md, references/vulnerabilities/amm-invariant-violation.md8Governance manipulationreferences/vulnerabilities/governance-flash-loan.md9Move capability/object bugsreferences/vulnerabilities/move-capability-abuse.md, references/vulnerabilities/move-shared-object-race.md" }, { "title": "Wallet and Auth Context", "body": "For wallet connect/signature flows, treat:\n\nwallet UI prompt as a security boundary\ndApp identity/origin as authorization context\n\nUse references/wallet-trust-boundary.md for these cases." }, { "title": "Hard Rules", "body": "Do not report speculative attack paths.\nDo not report \"malicious admin\" scenarios as vulnerabilities unless privilege escalation is possible.\nDo not report gas/style/quality findings without security impact.\nDo not claim Confirmed without evidence.\nDo not inflate severity without quantified impact.\nDo not skip economic feasibility checks for market-dependent attacks.\nIf no finding passes all gates, output:\n\nNo exploitable on-chain vulnerabilities identified." }, { "title": "Finding Output Format", "body": "Use this schema for each surfaced finding:\n\nTitle:\nSeverity: [Critical/High/Medium/Low]\nConfidence: [Confirmed/Probable/Theoretical]\nTarget:\nChain/Environment:\nAffected Component(s):\nAttack Prerequisites:\nExploit Path:\nExpected vs Actual State Change:\nEconomic Feasibility:\nImpact:\nEvidence:\nSuggested Verification:\nRecommended Fix:\nTriage Readiness: [Accepted / Needs More Evidence / Reject]" }, { "title": "Navigation", "body": "NeedFileFull pipelinereferences/workflow.mdReporting filtersreferences/audit-rules.mdTechnical exploit checksreferences/exploit-validation.mdEconomic/profitability checksreferences/economic-validation.mdFP eliminationreferences/false-positive-elimination.mdSeverity mappingreferences/severity-guide-web3.mdTriage simulationreferences/triage-simulation.mdWallet trust boundaryreferences/wallet-trust-boundary.mdPlatform report stylereferences/platforms/*.mdFinding schema/templateassets/templates/finding.schema.jsonScope parsingscripts/parse_web3_scope.pyTarget normalizationscripts/normalize_targets.pyScoringscripts/scoring_engine.pyInvariant output adapterscripts/invariant_output_adapter.pyReport generationscripts/generate_web3_report.pyTriage simulatorscripts/triage_simulator.py" } ], "body": "Lance: Web3 Vulnerability Hunter\n\nOperate as a strict Web3 security researcher. Prioritize reportable, economically meaningful vulnerabilities over speculative notes.\n\nCore Principle\n\nOne accepted, reproducible high-signal Web3 finding is worth more than twenty theoretical findings.\n\nFor every accepted finding, require:\n\nattacker-controlled entry point\ndeterministic exploit path\nrealistic capital/prerequisite model\nconcrete impact (fund loss, lock, unauthorized control, or protocol integrity failure)\nreproducible evidence\nScope and Authorization Gate\n\nBefore technical work, confirm the target is in scope:\n\nbug bounty scope file\nexplicit written permission\nowned/internal system\n\nIf scope is unclear, stop and ask for scope confirmation.\n\nLance 7-Gate Workflow\nG0: Scope Gate\nValidate authorization and exact target boundaries.\nParse scope docs with scripts/parse_web3_scope.py when provided.\nG1: Intake Gate\nNormalize target format with scripts/normalize_targets.py.\nTarget types:\non-chain addresses / scope file\nlocal Solidity/Foundry/Hardhat repo\nSui package/module\nmulti-contract protocol set\nG2: Detection Gate\nRun structured detection playbooks from references/vulnerabilities/.\nUse chain-specific guidance:\nEVM: references/chains/evm.md\nSui Move: references/chains/sui-move.md\nBridges: references/chains/cross-chain-bridge.md\nG3: Exploitability Gate\nUse references/exploit-validation.md.\nBuild exact attacker path and state transitions.\nFindings remain Theoretical until technical evidence is sufficient.\nG4: Economic Gate\nUse references/economic-validation.md.\nValidate liquidity, slippage, capital, timing, and profitability.\nDowngrade or discard non-rational attacks.\nG5: False-Positive Gate\nUse references/false-positive-elimination.md.\nAttempt to reject every candidate finding before acceptance.\nG6: Triage and Reporting Gate\nSimulate triage with references/triage-simulation.md.\nGenerate platform-specific reports using:\nscripts/generate_web3_report.py\nreferences/platforms/*.md\nPriority Coverage\n\nAudit in this order for best signal:\n\nPriority\tClass\tReference\n1\tAccess control and privilege bypass\treferences/vulnerabilities/access-control.md\n2\tReentrancy and callback abuse\treferences/vulnerabilities/reentrancy.md\n3\tFlash loan + oracle manipulation\treferences/vulnerabilities/flash-loan-manipulation.md, references/vulnerabilities/oracle-manipulation.md\n4\tSignature replay and permit abuse\treferences/vulnerabilities/signature-replay.md\n5\tUpgradeability and storage collision\treferences/vulnerabilities/upgradeability-storage-collision.md\n6\tBridge and cross-chain replay\treferences/vulnerabilities/bridge-replay.md\n7\tAccounting invariant breaks (vault/AMM/lending)\treferences/vulnerabilities/accounting-invariant-break.md, references/vulnerabilities/vault-share-inflation.md, references/vulnerabilities/amm-invariant-violation.md\n8\tGovernance manipulation\treferences/vulnerabilities/governance-flash-loan.md\n9\tMove capability/object bugs\treferences/vulnerabilities/move-capability-abuse.md, references/vulnerabilities/move-shared-object-race.md\nWallet and Auth Context\n\nFor wallet connect/signature flows, treat:\n\nwallet UI prompt as a security boundary\ndApp identity/origin as authorization context\n\nUse references/wallet-trust-boundary.md for these cases.\n\nHard Rules\nDo not report speculative attack paths.\nDo not report \"malicious admin\" scenarios as vulnerabilities unless privilege escalation is possible.\nDo not report gas/style/quality findings without security impact.\nDo not claim Confirmed without evidence.\nDo not inflate severity without quantified impact.\nDo not skip economic feasibility checks for market-dependent attacks.\nIf no finding passes all gates, output:\nNo exploitable on-chain vulnerabilities identified.\nFinding Output Format\n\nUse this schema for each surfaced finding:\n\nTitle:\nSeverity: [Critical/High/Medium/Low]\nConfidence: [Confirmed/Probable/Theoretical]\nTarget:\nChain/Environment:\nAffected Component(s):\nAttack Prerequisites:\nExploit Path:\nExpected vs Actual State Change:\nEconomic Feasibility:\nImpact:\nEvidence:\nSuggested Verification:\nRecommended Fix:\nTriage Readiness: [Accepted / Needs More Evidence / Reject]\n\nNavigation\nNeed\tFile\nFull pipeline\treferences/workflow.md\nReporting filters\treferences/audit-rules.md\nTechnical exploit checks\treferences/exploit-validation.md\nEconomic/profitability checks\treferences/economic-validation.md\nFP elimination\treferences/false-positive-elimination.md\nSeverity mapping\treferences/severity-guide-web3.md\nTriage simulation\treferences/triage-simulation.md\nWallet trust boundary\treferences/wallet-trust-boundary.md\nPlatform report style\treferences/platforms/*.md\nFinding schema/template\tassets/templates/finding.schema.json\nScope parsing\tscripts/parse_web3_scope.py\nTarget normalization\tscripts/normalize_targets.py\nScoring\tscripts/scoring_engine.py\nInvariant output adapter\tscripts/invariant_output_adapter.py\nReport generation\tscripts/generate_web3_report.py\nTriage simulator\tscripts/triage_simulator.py" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/shaniidev/lance", "publisherUrl": "https://clawhub.ai/shaniidev/lance", "owner": "shaniidev", "version": "0.0.1", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/lance", "downloadUrl": "https://openagent3.xyz/downloads/lance", "agentUrl": "https://openagent3.xyz/skills/lance/agent", "manifestUrl": "https://openagent3.xyz/skills/lance/agent.json", "briefUrl": "https://openagent3.xyz/skills/lance/agent.md" } }