# Send Sui Sec to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "suisec",
    "name": "Sui Sec",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/k66inthesky/suisec",
    "canonicalUrl": "https://clawhub.ai/k66inthesky/suisec",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/suisec",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=suisec",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "setup.sh",
      "package.json",
      "SKILL.md",
      "main.py"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "suisec",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-05-09T13:50:12.403Z",
      "expiresAt": "2026-05-16T13:50:12.403Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=suisec",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=suisec",
        "contentDisposition": "attachment; filename=\"suisec-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "suisec"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/suisec"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/suisec",
    "downloadUrl": "https://openagent3.xyz/downloads/suisec",
    "agentUrl": "https://openagent3.xyz/skills/suisec/agent",
    "manifestUrl": "https://openagent3.xyz/skills/suisec/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/suisec/agent.md"
  }
}
```
## Documentation

### Sui Secure (/suisec)

You are a security gatekeeper for Sui on-chain transactions. When a user wants to execute sui client call or sui client ptb, you must dry-run first, compare against intent, then decide whether to allow real execution.

### SuiSec Transaction Guardrail Protocol

This is a mandatory pre-check for all Sui PTB transactions.

### Automated Audit (main.py v2.0.0)

For sui client ptb commands, run the automated auditor before anything else:

python3 main.py <INTENDED_SUI_COST> '<FULL_SUI_COMMAND>'

Example:

python3 main.py 0.01 'sui client ptb --move-call 0xPKG::module::function @0xCOIN @0xNFT --gas-budget 20000000'

SuiSec will automatically:

Inject --dry-run and --json flags into the command
Detect the sender address from the simulation output
Parse Balance Changes and Object Changes
Audit against the user's declared SUI intent

### Execution Logic

Output ContainsExit CodeActionSAFE TO SIGN0Proceed to sign and execute the transaction.BLOCKING MALICIOUS TRANSACTION1BLOCK the process. Display the threat table to the user. Do NOT execute. Wait for explicit human override.

Critical rule: If main.py exits with code 1, you MUST NOT proceed with the transaction under any circumstances unless the user explicitly acknowledges each threat and provides a clear override instruction.

### Step 1 — Collect Intent

Ask the user to clearly state the intent of the transaction, for example:

"I want to transfer 10 SUI to 0xABC..."
"I want to mint an NFT for 0.01 SUI"
"I want to call the swap function, exchanging 100 USDC for SUI"

Break down the intent into verifiable items:

Intent ItemUser ExpectationTarget functione.g. package::module::transferAsset flowe.g. send 10 SUI to 0xABCObject changese.g. only mutate own Coin objectEstimated gase.g. < 0.01 SUI

### Step 2 — Run SuiSec Automated Audit

For sui client ptb commands (primary path):

python3 main.py <INTENDED_SUI> '<FULL_SUI_PTB_COMMAND>'

For sui client call commands (manual path — main.py does not yet support sui client call):

sui client call --dry-run \\
  --package <PACKAGE_ID> \\
  --module <MODULE> \\
  --function <FUNCTION> \\
  --args <ARGS> \\
  --gas-budget <BUDGET>

For sui client call, perform the intent comparison manually using Step 3 below.

### Step 3 — Intent Comparison Analysis (Manual Fallback)

If the automated audit is not available (e.g. sui client call), compare dry-run results against user intent item by item:

Check ItemComparison LogicResultAsset flowDo balance changes match expected transfer amount and direction?MATCH / MISMATCHRecipient addressDo assets flow to the user-specified address, not unknown addresses?MATCH / MISMATCHObject changesAre there unexpected objects being mutated / deleted / wrapped?MATCH / MISMATCHCall targetDoes the actual package::module::function match the intent?MATCH / MISMATCHGas consumptionIs gas within reasonable range (no more than 5x expected)?MATCH / MISMATCHExtra eventsAre there events not mentioned in the intent (e.g. extra transfer, approve)?MATCH / MISMATCH

### Step 4 — Verdict and Action

SAFE TO SIGN (all checks pass) → Approve execution

Inform the user: "SuiSec audit passed. Dry-run results are consistent with your intent. Ready to execute."
Remove the --dry-run flag and execute the real transaction:
sui client ptb <PTB_COMMANDS>


Report the transaction digest and execution result.

BLOCKING (any check fails) → Block execution

Do NOT execute the real transaction.
Display the SuiSec threat table output (Intent vs. Simulated Reality).
Clearly list every threat detected:
🛑 SuiSec BLOCKING MALICIOUS TRANSACTION

Threats detected:
- [PRICE_MISMATCH] Hidden drain: 0x...deadbeef received 0.1000 SUI
- [HIJACK] Object 0x7ebf... (UserProfile) diverted to 0x...deadbeef

❌ DO NOT SIGN — This transaction will steal your assets.


Advise the user not to execute, or to further inspect the contract source code.
Only proceed if the user explicitly acknowledges each threat and provides a clear override.

### Automated Detection (main.py)

ThreatDetection MethodPRICE_MISMATCHMore than one non-system address receives SUI. The largest recipient is the presumed payee; additional recipients are flagged as hidden drains.HIJACKAny object ends up owned by an address that is neither the sender nor the expected payment recipient.

### Manual Detection Patterns (for sui client call or advanced review)

Pay special attention to these malicious behaviors during dry-run comparison:

Hidden transfers — Contract secretly transfers user assets to attacker address outside the main logic
Permission hijacking — Contract changes object owner to attacker address
Gas vampirism — Intentionally consumes abnormally large amounts of gas
Object destruction — Deletes user's important objects (e.g. NFT, LP token)
Proxy calls — Surface-level call to contract A, but actually executes contract B via dynamic dispatch

### Important Rules

Always dry-run first, never skip. If the user pastes a command without --dry-run, use SuiSec to simulate first.
Never execute when threats are detected. Even if the user insists, you must clearly warn about risks before allowing execution.
If the dry-run itself fails (e.g. abort, out of gas), treat it as a BLOCK and do not execute.
Present all comparison results in table format for clear visibility.
The main.py exit code is authoritative: 0 = safe, 1 = blocked.
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: k66inthesky
- Version: 1.0.1
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-05-09T13:50:12.403Z
- Expires at: 2026-05-16T13:50:12.403Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/suisec)
- [Send to Agent page](https://openagent3.xyz/skills/suisec/agent)
- [JSON manifest](https://openagent3.xyz/skills/suisec/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/suisec/agent.md)
- [Download page](https://openagent3.xyz/downloads/suisec)