← Back to Skills Marketplace
shenmeng

Security Defense Line 安全防线

by shenmeng · GitHub ↗ · v2025.4.15 · MIT-0
cross-platform ⚠ suspicious
714
Downloads
0
Stars
0
Active Installs
69
Versions
Install in OpenClaw
/install shenmeng-security-defense-line
Description
安全防线 - 全方位安全防护与威胁防御系统。 当用户需要以下功能时触发此skill: (1) 智能合约安全审计与漏洞检测 (2) 钱包安全检测与防护 (3) 交易安全验证与风险预警 (4) 钓鱼网站/诈骗检测 (5) 私钥/助记词安全管理 (6) 多签钱包配置与管理 (7) 安全事件响应与应急处理 (8) 安全策...
Usage Guidance
This skill appears to implement the security features it advertises, but there are several red flags you should consider before installing or running it: - Hardcoded billing credential: payment.py contains a cleartext BILLING_API_KEY and calls https://skillpay.me. Hardcoded keys are insecure and could allow unexpected charges or leak sensitive billing access. Ask the author to remove the embedded key and require a runtime environment variable instead. - Undeclared environment secrets: SKILL.md and code reference TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, and SKILLPAY_USER_ID but the skill metadata lists no required env vars. Running the skill may prompt you to provide these secrets or try to operate without them. - External binaries and network access: scripts expect to call tools like Slither/Mythril and will reach external endpoints. Ensure those binaries are installed from trusted sources, and run the skill in an isolated environment (container/VM) first. - Long‑running and local monitoring behavior: the monitor and phishing scripts can run as daemons, open a web dashboard, and watch the clipboard. Only run this code in an environment where you permit network egress and local input monitoring; do not run on a machine holding real private keys. - Billing and payment flow: the skill enforces a payment check at startup (require_payment) and may attempt to charge a user id it finds in the environment. Verify the billing provider (skillpay.me) and the legal/financial implications before using. Recommended actions before use: - Request the author to remove embedded API keys and to document required env vars explicitly. - Review all scripts fully (especially omitted/truncated parts) for any outbound network calls or data exfiltration paths. - Run the skill in a sandbox (container or ephemeral VM) with no access to your private keys or sensitive files; restrict network egress if possible and inspect outbound traffic. - If you need only audit functionality, consider using well‑known, audited tools (Slither/Mythril/OpenZeppelin) directly rather than an unvetted bundle. If you provide the full remaining files (truncated parts) or confirm the intended billing workflow and env var list, I can raise or lower the confidence of this assessment.
Capability Tags
cryptorequires-walletcan-make-purchasesrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The code files implement the stated features (contract auditor, phishing detector, tx validator, multisig manager, incident responder, monitor). However the SKILL metadata and SKILL.md do not declare required binaries (Slither/Mythril) or several environment variables and credentials that the scripts reference in examples (e.g., TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, SKILLPAY_USER_ID). The presence of an embedded billing API key in payment.py and a billing configuration in _meta.json conflicts with the declared 'Required env vars: none'.
Instruction Scope
SKILL.md instructs running multiple scripts including long‑running monitoring (security_monitor.py --daemon, --dashboard --port 8080) and a clipboard watch / auto-block mode for phishing_detector. Those runtime behaviors can read local state (clipboard), open network ports, and push alerts externally (Telegram). The SKILL.md config examples reference secrets (Telegram tokens) that are not declared. The instructions also imply the use of external analysis binaries (slither/mythril/aderyn) which are invoked by scripts but not listed as required.
Install Mechanism
There is no install spec (instruction-only), which normally reduces risk, but the bundle includes executable Python scripts that will be run in the agent environment. No third‑party package downloads are declared, but the scripts call external programs (slither/mythril) and external endpoints (skillpay.me). Because code is present and executed ad‑hoc, absence of an install spec is not equivalent to 'no install risk'.
Credentials
The package manifest (_meta.json) indicates billing and expects SKILLPAY_API_KEY / SKILLPAY_USER_ID, yet the skill manifest reported 'Required env vars: none' — a mismatch. payment.py hardcodes a sensitive BILLING_API_KEY inside source code (cleartext secret), and verify_payment() reads SKILLPAY_USER_ID from environment. SKILL.md examples also reference TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID but these are not declared in requirements. These undeclared or embedded credentials are disproportionate and risky.
Persistence & Privilege
The skill is not force-installed (always:false) and allows normal autonomous invocation. However the scripts support daemon mode, a web dashboard, and an alerting pipeline (Telegram/email). If run, the skill can create a persistent process, open network endpoints, and send data externally. That persistence capability combined with the billing integration and hardcoded API key increases the impact if abused.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install shenmeng-security-defense-line
  3. After installation, invoke the skill by name or use /shenmeng-security-defense-line
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2025.4.15
No changes were detected in this version. - No updates to code or documentation. - Functionality remains the same as the previous release.
v4.15.0
No file changes were detected in this version. - No updates, fixes, or new features are included in version 4.15.0. - The SKILL.md documentation remains unchanged.
v2026.4.14
Version 2026.4.14 - No changes were made in this version; contents remain the same as the previous release.
v101.0.0
Version 101.0.0 - No functional or documentation changes; content remains identical to the previous version. - This release does not modify any files or configurations.
v2025.4.14
No changes detected in this version. - No file or documentation changes were found for version 2025.4.14. - All features and usage remain identical to the previous release.
v12.0.0
Version 12.0.0 - No file changes detected in this release. - All features, documentation, and workflow remain the same as the previous version.
v1.3.0
Version 1.3.0 of shenmeng-security-defense-line - No file changes detected in this release. - Documentation and feature descriptions remain unchanged.
v1.0.2000000000
No functional or content changes detected in this version. - No file or documentation changes found. - Version update only; all features and documentation remain unchanged.
v1.0.1776047104
- No file changes detected in this version. - Functionality and documentation remain unchanged from the previous release.
v2026.4.13-1
No changes in this version. - The current version does not contain any file changes from the previous release.
v2025.4.13
Version 2025.4.13 - No file changes detected in this release. - All features, workflows, and documentation remain unchanged.
v2026.4.13
No changes detected in this version. - This skill version does not introduce any updates or modifications. - No file or documentation changes found compared to the previous version.
v2025.4.12
Version 2025.4.12 - No file or content changes detected in this update. - All features, workflows, and documentation remain unchanged from the previous version.
v1000001.0.0
- Initial release of the security-defense-line skill. - Provides a comprehensive security and threat defense system for digital assets, including contract auditing, wallet safety, transaction validation, phishing detection, key/mnemonic management, multisig wallet management, incident response, and compliance strategy. - Integrated with SkillPay for paid secure service access. - Detailed usage workflow, configuration examples, script instructions, and best practices documentation included.
v1.9.0
Version 1.9.0 of shenmeng-security-defense-line - No file changes detected in this version. - No visible feature, workflow, or documentation updates.
v2025.4.11
shenmeng-security-defense-line 2025.4.11 - No code or documentation changes detected in this version. - All features, instructions, and best practices remain unchanged.
v2024.1.0
Version 2024.1.0 - No file or documentation changes detected in this version. - No feature, configuration, or workflow updates.
v2025.1.0
Version 2025.1.0 - No file changes detected; content and functionality remain the same as the previous version. - No new features, bug fixes, or documentation updates in this release. - This version maintains all current security audit, wallet protection, transaction verification, and response capabilities.
v2025.0.0
No changes detected in this version. - No file changes were made compared to the previous version. - All features, instructions, and documentation remain unchanged.
v1.2025.411
No user-facing changes detected in this version. - No modifications or additions to SKILL.md. - No source or configuration file changes. - All functionality and documentation remain the same as the previous release.
Metadata
Slug shenmeng-security-defense-line
Version 2025.4.15
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 69
Frequently Asked Questions

What is Security Defense Line 安全防线?

安全防线 - 全方位安全防护与威胁防御系统。 当用户需要以下功能时触发此skill: (1) 智能合约安全审计与漏洞检测 (2) 钱包安全检测与防护 (3) 交易安全验证与风险预警 (4) 钓鱼网站/诈骗检测 (5) 私钥/助记词安全管理 (6) 多签钱包配置与管理 (7) 安全事件响应与应急处理 (8) 安全策... It is an AI Agent Skill for Claude Code / OpenClaw, with 714 downloads so far.

How do I install Security Defense Line 安全防线?

Run "/install shenmeng-security-defense-line" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Security Defense Line 安全防线 free?

Yes, Security Defense Line 安全防线 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Security Defense Line 安全防线 support?

Security Defense Line 安全防线 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Security Defense Line 安全防线?

It is built and maintained by shenmeng (@shenmeng); the current version is v2025.4.15.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments