shenmeng

Security Defense Line 安全防线

by shenmeng · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 89 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install shenmeng-defense-line
Description
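Security Defense Line - a comprehensive security protection and threat defense system. Trigger this skill when the user needs any of the following: (1) smart contract security auditing and vulnerability detection (2) wallet security checks and protection (3) transaction security verification and risk alerts (4) phishing site / scam detection (5) private key / mnemonic phrase security management (6) multi-signature wallet configuration and management (7) security incident response and emergency handling (8) security...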
Usage Guidance
Do not run these scripts or give this skill real secrets until the developer clarifies and fixes the mismatches. Specific concerns to ask/require before installing:
  1. Remove the hard-coded BILLING API key from payment.py and use an environment variable as declared in _meta.json, or explain why the hard-coded key is safe.
  2. Update the manifest to list all required env vars (SKILLPAY_USER_ID, SKILLPAY_API_KEY if used, TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID) and explain what data is sent to external endpoints (skillpay.me and any others).
  3. Declare required external binaries (slither, mythril, aderyn, etc.) and document fallback behavior if they are missing.
  4. Provide the missing referenced script(s) (security_monitor.py) or remove references.
  5. Review and audit all network calls: the billing calls send a user_id to skillpay.me and the package will contact that external service.
  6. Prefer platform-native billing instead of a third-party API embedded in code.
  7. Run the code in an isolated sandbox and review logs/network traffic before using on production wallets.
These inconsistencies could be sloppy engineering or intentional; treat the package as untrusted until the above are resolved.
Capability Analysis
Type: OpenClaw Skill
Name: shenmeng-defense-line
Version: 1.0.0
The skill bundle contains a hardcoded API key (sk_f03aa8f8...) in payment.py, which is a significant security vulnerability. While the provided scripts for smart contract auditing and phishing detection (scripts/contract_auditor.py, scripts/phishing_detector.py) appear to be functional or educational mocks, the SKILL.md documentation references a missing script (scripts/security_monitor.py) and describes high-risk capabilities such as private key management and clipboard monitoring without providing robust security implementations. The combination of hardcoded credentials and high-privilege claims in the documentation warrants a suspicious classification.
Capability Assessment
Purpose & Capability
Skill advertises comprehensive on-chain security tooling but the package does not declare required binaries (Slither/Mythril/etc.), required environment variables, or platform billing integration; code files expect external analysis tools and payment handling that are not represented in the manifest or SKILL metadata. Several referenced scripts (e.g., security_monitor.py) are mentioned in SKILL.md but are missing from the file manifest.
Instruction Scope
SKILL.md instructs the agent/user to run multiple scripts that perform network actions and call external tools. The documentation references environment variables (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID) and a SkillPay flow, but the skill does not declare those env vars or clearly limit what data will be sent to external endpoints. The billing flow will send the provided user_id to an external billing service (skillpay.me).
Install Mechanism
There is no install spec (instruction-only at packaging level), which lowers automatic install risk, but the bundle includes many executable Python scripts that expect external third-party binaries. Because nothing is installed automatically, the primary risk is that a user or agent executing the scripts will run subprocesses or network calls not declared in the manifest.
Credentials
The package manifest (_meta.json) declares payment-related env names (SKILLPAY_API_KEY, SKILLPAY_USER_ID) but the code contradicts this: payment.py contains a hard-coded billing API key and does not read SKILLPAY_API_KEY. SKILL.md and example configs reference TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID but the skill does not require or declare them. Hard-coded secrets and undeclared env requirements are disproportionate and confusing.
Persistence & Privilege
The skill is not marked always:true, does not request platform-wide persistence, and does not declare modifications to other skills or agent configurations. Autonomous invocation remains possible (platform default) but is not combined with other high-privilege flags.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install shenmeng-defense-line
  3. After installation, invoke the skill by name or use /shenmeng-defense-line
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Security Defense Line, an all-in-one security and threat defense system for digital assets.
  - Provides smart contract auditing, vulnerability scanning, and gas optimization.
  - Offers wallet security checks including blacklist, entropy, and hardware wallet validation.
  - Enables transaction risk analysis, phishing/scam detection, and multi-signature wallet management.
  - Includes incident response, event monitoring, and automated alert systems.
  - Features best practice guides and detailed security checklists.
  - Integrated with the SkillPay payment system (0.01 USDT/call, BNB Chain).
Metadata
Slug shenmeng-defense-line
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Security Defense Line 安全防线?

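Security Defense Line - a comprehensive security protection and threat defense system. Trigger this skill when the user needs any of the following: (1) smart contract security auditing and vulnerability detection (2) wallet security checks and protection (3) transaction security verification and risk alerts (4) phishing site / scam detection (5) private key / mnemonic phrase security management (6) multi-signature wallet configuration and management (7) security incident response and emergency handling (8) security... It is an AI Agent Skill for Claude Code / OpenClaw, with 89 downloads so far.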

How do I install Security Defense Line 安全防线?

Run "/install shenmeng-defense-line" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Security Defense Line 安全防线 free?

Yes, Security Defense Line 安全防线 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Security Defense Line 安全防线 support?

Security Defense Line 安全防线 is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Security Defense Line 安全防线?

It is built and maintained by shenmeng (@shenmeng); the current version is v1.0.0.
