← Back to Skills Marketplace
1322
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install aegis-security-hackathon
Description
Blockchain security scanner for AI agents (testnet). Pay with Base Sepolia USDC via x402 protocol.
README (SKILL.md)
Aegis402 Shield Protocol (Hackathon/Testnet)
Blockchain security API for AI agents. Testnet version - pay with Base Sepolia USDC.
⚠️ This is the hackathon/testnet deployment. For production, use aegis-security.
Skill Files
| File | URL |
|---|---|
| SKILL.md (this file) | https://hackathon.aegis402.xyz/skill.md |
| package.json (metadata) | https://hackathon.aegis402.xyz/skill.json |
Base URL: https://hackathon.aegis402.xyz/v1
Quick Start
npm install @x402/fetch @x402/evm
import { x402Client, wrapFetchWithPayment } from '@x402/fetch';
import { ExactEvmScheme } from '@x402/evm/exact/client';
const client = new x402Client()
.register('eip155:*', new ExactEvmScheme(yourEvmWallet));
const fetch402 = wrapFetchWithPayment(fetch, client);
// Payments on Base Sepolia (testnet USDC)
const res = await fetch402('https://hackathon.aegis402.xyz/v1/check-token/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48?chain_id=1');
const data = await res.json();
Requirements: Testnet USDC on Base Sepolia (chain ID 84532)
Get testnet USDC: Base Sepolia Faucet
Pricing (Testnet USDC)
| Endpoint | Price | Use Case |
|---|---|---|
POST /simulate-tx |
$0.05 | Transaction simulation, DeFi safety |
GET /check-token/:address |
$0.01 | Token honeypot detection |
GET /check-address/:address |
$0.005 | Address reputation check |
Endpoints
Check Token ($0.01)
Scan any token for honeypots, scams, and risks.
curl "https://hackathon.aegis402.xyz/v1/check-token/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48?chain_id=1"
Response:
{
"address": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
"isHoneypot": false,
"trustScore": 95,
"risks": [],
"_meta": { "requestId": "uuid", "duration": 320 }
}
Check Address ($0.005)
Verify if address is flagged for phishing or poisoning.
curl "https://hackathon.aegis402.xyz/v1/check-address/0x742d35Cc6634C0532925a3b844Bc454e4438f44e"
Response:
{
"address": "0x742d35Cc6634C0532925a3b844Bc454e4438f44e",
"isPoisoned": false,
"reputation": "NEUTRAL",
"tags": ["wallet", "established"],
"_meta": { "requestId": "uuid", "duration": 180 }
}
Simulate Transaction ($0.05)
Predict balance changes and detect threats before signing.
curl -X POST "https://hackathon.aegis402.xyz/v1/simulate-tx" \
-H "Content-Type: application/json" \
-d '{
"from": "0xYourWallet...",
"to": "0xContract...",
"value": "1000000000000000000",
"data": "0x...",
"chain_id": 8453
}'
Response:
{
"isSafe": true,
"riskLevel": "LOW",
"simulation": {
"balanceChanges": [
{ "asset": "USDC", "amount": "-100.00", "address": "0x..." }
]
},
"warnings": [],
"_meta": { "requestId": "uuid", "duration": 450 }
}
x402 Payment Flow (Testnet)
- Agent calls any paid endpoint
- Receives
402 Payment Requiredwith Base Sepolia payment instructions - Pays testnet USDC on Base Sepolia (chain ID: 84532)
- Retries request with payment proof header
- Gets security scan result
Network: Base Sepolia (eip155:84532) Currency: Testnet USDC
Use Cases for AI Agents
Before Swapping Tokens
const tokenCheck = await fetch402(`https://hackathon.aegis402.xyz/v1/check-token/${tokenAddress}?chain_id=8453`);
const { isHoneypot, trustScore } = await tokenCheck.json();
if (isHoneypot || trustScore \x3C 50) {
console.log('⚠️ Risky token detected!');
}
Before Signing Transactions
const simulation = await fetch402('https://hackathon.aegis402.xyz/v1/simulate-tx', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ from, to, value, data, chain_id: 8453 })
});
const { isSafe, riskLevel, warnings } = await simulation.json();
if (!isSafe || riskLevel === 'CRITICAL') {
console.log('🚨 Dangerous transaction!', warnings);
}
Risk Levels
| Level | Meaning |
|---|---|
SAFE |
No issues detected |
LOW |
Minor concerns, generally safe |
MEDIUM |
Some risks, proceed with caution |
HIGH |
Significant risks detected |
CRITICAL |
Do not proceed |
Supported Chains (for scanning)
| Chain | ID | check-token | check-address | simulate-tx |
|---|---|---|---|---|
| Ethereum | 1 | ✅ | ✅ | ✅ |
| Base | 8453 | ✅ | ✅ | ✅ |
| Polygon | 137 | ✅ | ✅ | ✅ |
| Arbitrum | 42161 | ✅ | ✅ | ✅ |
| Optimism | 10 | ✅ | ✅ | ✅ |
| BSC | 56 | ✅ | ✅ | ✅ |
Health Check (Free)
curl https://hackathon.aegis402.xyz/health
Links
- Hackathon API: https://hackathon.aegis402.xyz
- Production API: https://aegis402.xyz
- GitHub: https://github.com/SwiftAdviser/aegis-402-shield-protocol
- x402 Protocol: https://docs.x402.org
🛡️ Built for the Agentic Economy. Powered by x402 Protocol.
Usage Guidance
This skill appears to be a legitimate pay-per-request testnet scanner, but there are important gaps and inconsistencies you should resolve before enabling it:
- Do not provide your mainnet/private signing key to any agent. The skill requires an EVM wallet to sign x402 payments but does not declare this. If you want to test it, use an ephemeral testnet-only wallet with only small funds.
- Ask the author to clarify the chain IDs and networks (examples use 1, 8453, and metadata says 84532). Confirm which chain IDs map to which networks to avoid accidental mainnet usage.
- Verify the domain and code: check the linked GitHub repository and TLS certificate for hackathon.aegis402.xyz to confirm identity before sending any payments.
- Be cautious installing the recommended npm packages; prefer pinned versions and review their source if you plan to run code that will sign transactions.
- If you want to proceed: only allow the agent to use an isolated/test wallet, monitor payment requests, and test first with the free health endpoint (no payment) to validate connectivity.
If the developer cannot clarify the wallet requirement and chain ID inconsistencies, treat this skill as untrusted.
Capability Analysis
Type: OpenClaw Skill
Name: aegis-security-hackathon
Version: 1.0.0
The skill bundle is benign, providing clear instructions for an AI agent to interact with a blockchain security API on a testnet. All network calls and package installations (`@x402/fetch`, `@x402/evm`) are directly related to the stated purpose of blockchain security scanning and its associated payment protocol. There is no evidence of prompt injection attempts, data exfiltration, malicious execution, persistence, or obfuscation across `_meta.json`, `SKILL.md`, and `package.json`.
Capability Assessment
Purpose & Capability
Name, description, endpoints, and pricing align with a pay-per-request blockchain security API. Requiring x402 client libraries to perform pay-to-use calls is expected. However, the documentation expects the agent to provide an EVM wallet for payment signing (yourEvmWallet) but the skill declares no required credentials or env vars — this omission is surprising.
Instruction Scope
SKILL.md instructs the agent to call external API endpoints and to wrap fetch with a payment-enabled client. It does not tell the agent to read local files or secrets explicitly, but it implicitly assumes access to an EVM wallet capable of signing payments. There are also multiple inconsistent chain_id values in examples (metadata lists 84532; examples use 8453 and 1), which is confusing and could cause mistaken mainnet requests or mis-payment.
Install Mechanism
The skill is instruction-only (no install spec). It recommends npm packages (@x402/fetch, @x402/evm). That is a reasonable dependency for the stated x402 payment flow, but installing third‑party npm packages carries the usual supply‑chain risks — the skill does not include audited code or pin versions.
Credentials
No environment variables are declared, but the instructions require an EVM wallet object to sign payments (e.g., a private key or unlocked wallet). Requesting signing capability (private key or wallet access) is proportionate to paying for scans, but omitting this from requires.env and not warning the user is a transparency issue and increases risk of accidental secret exposure.
Persistence & Privilege
The skill does not request persistent installation, does not set always:true, and has no install scripts. It therefore does not demand elevated or permanent privileges on the agent platform.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install aegis-security-hackathon - After installation, invoke the skill by name or use
/aegis-security-hackathon - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial testnet release of Aegis402 Shield Protocol as a blockchain security API for AI agents.
- Enables security scans for tokens and addresses, as well as transaction simulation, with pricing in Base Sepolia testnet USDC.
- Supports payment via x402 protocol; endpoints require payment proof before returning results.
- Key endpoints: check-token (honeypot/scam detection), check-address (reputation), simulate-tx (threat prediction and balance simulation).
- Compatible with multiple EVM chains, including Ethereum, Base, Polygon, Arbitrum, Optimism, and BSC.
- Includes developer instructions, response examples, and testnet faucet link for setup.
Metadata
Frequently Asked Questions
What is Hackathon?
Blockchain security scanner for AI agents (testnet). Pay with Base Sepolia USDC via x402 protocol. It is an AI Agent Skill for Claude Code / OpenClaw, with 1322 downloads so far.
How do I install Hackathon?
Run "/install aegis-security-hackathon" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Hackathon free?
Yes, Hackathon is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Hackathon support?
Hackathon is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Hackathon?
It is built and maintained by Roman (@swiftadviser); the current version is v1.0.0.
More Skills