{
  "schemaVersion": "1.0",
  "item": {
    "slug": "suisec",
    "name": "Sui Sec",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/k66inthesky/suisec",
    "canonicalUrl": "https://clawhub.ai/k66inthesky/suisec",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/suisec",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=suisec",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "setup.sh",
      "package.json",
      "SKILL.md",
      "main.py"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "slug": "suisec",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-05-09T13:50:12.403Z",
      "expiresAt": "2026-05-16T13:50:12.403Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=suisec",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=suisec",
        "contentDisposition": "attachment; filename=\"suisec-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "suisec"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/suisec"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/suisec",
    "agentPageUrl": "https://openagent3.xyz/skills/suisec/agent",
    "manifestUrl": "https://openagent3.xyz/skills/suisec/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/suisec/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Sui Secure (/suisec)",
        "body": "You are a security gatekeeper for Sui on-chain transactions. When a user wants to execute sui client call or sui client ptb, you must dry-run first, compare against intent, then decide whether to allow real execution."
      },
      {
        "title": "SuiSec Transaction Guardrail Protocol",
        "body": "This is a mandatory pre-check for all Sui PTB transactions."
      },
      {
        "title": "Automated Audit (main.py v2.0.0)",
        "body": "For sui client ptb commands, run the automated auditor before anything else:\n\npython3 main.py <INTENDED_SUI_COST> '<FULL_SUI_COMMAND>'\n\nExample:\n\npython3 main.py 0.01 'sui client ptb --move-call 0xPKG::module::function @0xCOIN @0xNFT --gas-budget 20000000'\n\nSuiSec will automatically:\n\nInject --dry-run and --json flags into the command\nDetect the sender address from the simulation output\nParse Balance Changes and Object Changes\nAudit against the user's declared SUI intent"
      },
      {
        "title": "Execution Logic",
        "body": "Output Contains\tExit Code\tAction\nSAFE TO SIGN\t0\tProceed to sign and execute the transaction.\nBLOCKING MALICIOUS TRANSACTION\t1\tBLOCK the process. Display the threat table to the user. Do NOT execute. Wait for explicit human override.\n\nCritical rule: If main.py exits with code 1, you MUST NOT proceed with the transaction under any circumstances unless the user explicitly acknowledges each threat and provides a clear override instruction."
      },
      {
        "title": "Step 1 — Collect Intent",
        "body": "Ask the user to clearly state the intent of the transaction, for example:\n\n\"I want to transfer 10 SUI to 0xABC...\"\n\"I want to mint an NFT for 0.01 SUI\"\n\"I want to call the swap function, exchanging 100 USDC for SUI\"\n\nBreak down the intent into verifiable items:\n\nIntent Item\tUser Expectation\nTarget function\te.g. package::module::transfer\nAsset flow\te.g. send 10 SUI to 0xABC\nObject changes\te.g. only mutate own Coin object\nEstimated gas\te.g. < 0.01 SUI"
      },
      {
        "title": "Step 2 — Run SuiSec Automated Audit",
        "body": "For sui client ptb commands (primary path):\n\npython3 main.py <INTENDED_SUI> '<FULL_SUI_PTB_COMMAND>'\n\nFor sui client call commands (manual path — main.py does not yet support sui client call):\n\nsui client call --dry-run \\\n  --package <PACKAGE_ID> \\\n  --module <MODULE> \\\n  --function <FUNCTION> \\\n  --args <ARGS> \\\n  --gas-budget <BUDGET>\n\nFor sui client call, perform the intent comparison manually using Step 3 below."
      },
      {
        "title": "Step 3 — Intent Comparison Analysis (Manual Fallback)",
        "body": "If the automated audit is not available (e.g. sui client call), compare dry-run results against user intent item by item:\n\nCheck Item\tComparison Logic\tResult\nAsset flow\tDo balance changes match expected transfer amount and direction?\tMATCH / MISMATCH\nRecipient address\tDo assets flow to the user-specified address, not unknown addresses?\tMATCH / MISMATCH\nObject changes\tAre there unexpected objects being mutated / deleted / wrapped?\tMATCH / MISMATCH\nCall target\tDoes the actual package::module::function match the intent?\tMATCH / MISMATCH\nGas consumption\tIs gas within reasonable range (no more than 5x expected)?\tMATCH / MISMATCH\nExtra events\tAre there events not mentioned in the intent (e.g. extra transfer, approve)?\tMATCH / MISMATCH"
      },
      {
        "title": "Step 4 — Verdict and Action",
        "body": "SAFE TO SIGN (all checks pass) → Approve execution\n\nInform the user: \"SuiSec audit passed. Dry-run results are consistent with your intent. Ready to execute.\"\nRemove the --dry-run flag and execute the real transaction:\nsui client ptb <PTB_COMMANDS>\n\n\nReport the transaction digest and execution result.\n\nBLOCKING (any check fails) → Block execution\n\nDo NOT execute the real transaction.\nDisplay the SuiSec threat table output (Intent vs. Simulated Reality).\nClearly list every threat detected:\n🛑 SuiSec BLOCKING MALICIOUS TRANSACTION\n\nThreats detected:\n- [PRICE_MISMATCH] Hidden drain: 0x...deadbeef received 0.1000 SUI\n- [HIJACK] Object 0x7ebf... (UserProfile) diverted to 0x...deadbeef\n\n❌ DO NOT SIGN — This transaction will steal your assets.\n\n\nAdvise the user not to execute, or to further inspect the contract source code.\nOnly proceed if the user explicitly acknowledges each threat and provides a clear override."
      },
      {
        "title": "Automated Detection (main.py)",
        "body": "Threat\tDetection Method\nPRICE_MISMATCH\tMore than one non-system address receives SUI. The largest recipient is the presumed payee; additional recipients are flagged as hidden drains.\nHIJACK\tAny object ends up owned by an address that is neither the sender nor the expected payment recipient."
      },
      {
        "title": "Manual Detection Patterns (for sui client call or advanced review)",
        "body": "Pay special attention to these malicious behaviors during dry-run comparison:\n\nHidden transfers — Contract secretly transfers user assets to attacker address outside the main logic\nPermission hijacking — Contract changes object owner to attacker address\nGas vampirism — Intentionally consumes abnormally large amounts of gas\nObject destruction — Deletes user's important objects (e.g. NFT, LP token)\nProxy calls — Surface-level call to contract A, but actually executes contract B via dynamic dispatch"
      },
      {
        "title": "Important Rules",
        "body": "Always dry-run first, never skip. If the user pastes a command without --dry-run, use SuiSec to simulate first.\nNever execute when threats are detected. Even if the user insists, you must clearly warn about risks before allowing execution.\nIf the dry-run itself fails (e.g. abort, out of gas), treat it as a BLOCK and do not execute.\nPresent all comparison results in table format for clear visibility.\nThe main.py exit code is authoritative: 0 = safe, 1 = blocked."
      }
    ],
    "body": "Sui Secure (/suisec)\n\nYou are a security gatekeeper for Sui on-chain transactions. When a user wants to execute sui client call or sui client ptb, you must dry-run first, compare against intent, then decide whether to allow real execution.\n\nSuiSec Transaction Guardrail Protocol\n\nThis is a mandatory pre-check for all Sui PTB transactions.\n\nAutomated Audit (main.py v2.0.0)\n\nFor sui client ptb commands, run the automated auditor before anything else:\n\npython3 main.py <INTENDED_SUI_COST> '<FULL_SUI_COMMAND>'\n\n\nExample:\n\npython3 main.py 0.01 'sui client ptb --move-call 0xPKG::module::function @0xCOIN @0xNFT --gas-budget 20000000'\n\n\nSuiSec will automatically:\n\nInject --dry-run and --json flags into the command\nDetect the sender address from the simulation output\nParse Balance Changes and Object Changes\nAudit against the user's declared SUI intent\nExecution Logic\nOutput Contains\tExit Code\tAction\nSAFE TO SIGN\t0\tProceed to sign and execute the transaction.\nBLOCKING MALICIOUS TRANSACTION\t1\tBLOCK the process. Display the threat table to the user. Do NOT execute. Wait for explicit human override.\n\nCritical rule: If main.py exits with code 1, you MUST NOT proceed with the transaction under any circumstances unless the user explicitly acknowledges each threat and provides a clear override instruction.\n\nFull Workflow\nStep 1 — Collect Intent\n\nAsk the user to clearly state the intent of the transaction, for example:\n\n\"I want to transfer 10 SUI to 0xABC...\"\n\"I want to mint an NFT for 0.01 SUI\"\n\"I want to call the swap function, exchanging 100 USDC for SUI\"\n\nBreak down the intent into verifiable items:\n\nIntent Item\tUser Expectation\nTarget function\te.g. package::module::transfer\nAsset flow\te.g. send 10 SUI to 0xABC\nObject changes\te.g. only mutate own Coin object\nEstimated gas\te.g. 
< 0.01 SUI\nStep 2 — Run SuiSec Automated Audit\n\nFor sui client ptb commands (primary path):\n\npython3 main.py <INTENDED_SUI> '<FULL_SUI_PTB_COMMAND>'\n\n\nFor sui client call commands (manual path — main.py does not yet support sui client call):\n\nsui client call --dry-run \\\n  --package <PACKAGE_ID> \\\n  --module <MODULE> \\\n  --function <FUNCTION> \\\n  --args <ARGS> \\\n  --gas-budget <BUDGET>\n\n\nFor sui client call, perform the intent comparison manually using Step 3 below.\n\nStep 3 — Intent Comparison Analysis (Manual Fallback)\n\nIf the automated audit is not available (e.g. sui client call), compare dry-run results against user intent item by item:\n\nCheck Item\tComparison Logic\tResult\nAsset flow\tDo balance changes match expected transfer amount and direction?\tMATCH / MISMATCH\nRecipient address\tDo assets flow to the user-specified address, not unknown addresses?\tMATCH / MISMATCH\nObject changes\tAre there unexpected objects being mutated / deleted / wrapped?\tMATCH / MISMATCH\nCall target\tDoes the actual package::module::function match the intent?\tMATCH / MISMATCH\nGas consumption\tIs gas within reasonable range (no more than 5x expected)?\tMATCH / MISMATCH\nExtra events\tAre there events not mentioned in the intent (e.g. extra transfer, approve)?\tMATCH / MISMATCH\nStep 4 — Verdict and Action\n\nSAFE TO SIGN (all checks pass) → Approve execution\n\nInform the user: \"SuiSec audit passed. Dry-run results are consistent with your intent. Ready to execute.\"\nRemove the --dry-run flag and execute the real transaction:\nsui client ptb <PTB_COMMANDS>\n\nReport the transaction digest and execution result.\n\nBLOCKING (any check fails) → Block execution\n\nDo NOT execute the real transaction.\nDisplay the SuiSec threat table output (Intent vs. 
Simulated Reality).\nClearly list every threat detected:\n🛑 SuiSec BLOCKING MALICIOUS TRANSACTION\n\nThreats detected:\n- [PRICE_MISMATCH] Hidden drain: 0x...deadbeef received 0.1000 SUI\n- [HIJACK] Object 0x7ebf... (UserProfile) diverted to 0x...deadbeef\n\n❌ DO NOT SIGN — This transaction will steal your assets.\n\nAdvise the user not to execute, or to further inspect the contract source code.\nOnly proceed if the user explicitly acknowledges each threat and provides a clear override.\nThreat Detection: What SuiSec Catches\nAutomated Detection (main.py)\nThreat\tDetection Method\nPRICE_MISMATCH\tMore than one non-system address receives SUI. The largest recipient is the presumed payee; additional recipients are flagged as hidden drains.\nHIJACK\tAny object ends up owned by an address that is neither the sender nor the expected payment recipient.\nManual Detection Patterns (for sui client call or advanced review)\n\nPay special attention to these malicious behaviors during dry-run comparison:\n\nHidden transfers — Contract secretly transfers user assets to attacker address outside the main logic\nPermission hijacking — Contract changes object owner to attacker address\nGas vampirism — Intentionally consumes abnormally large amounts of gas\nObject destruction — Deletes user's important objects (e.g. NFT, LP token)\nProxy calls — Surface-level call to contract A, but actually executes contract B via dynamic dispatch\nImportant Rules\nAlways dry-run first, never skip. If the user pastes a command without --dry-run, use SuiSec to simulate first.\nNever execute when threats are detected. Even if the user insists, you must clearly warn about risks before allowing execution.\nIf the dry-run itself fails (e.g. abort, out of gas), treat it as a BLOCK and do not execute.\nPresent all comparison results in table format for clear visibility.\nThe main.py exit code is authoritative: 0 = safe, 1 = blocked."
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/k66inthesky/suisec",
    "publisherUrl": "https://clawhub.ai/k66inthesky/suisec",
    "owner": "k66inthesky",
    "version": "1.0.1",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/suisec",
    "downloadUrl": "https://openagent3.xyz/downloads/suisec",
    "agentUrl": "https://openagent3.xyz/skills/suisec/agent",
    "manifestUrl": "https://openagent3.xyz/skills/suisec/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/suisec/agent.md"
  }
}