Lance
by Emperor Prime (shaniidev) · GitHub ↗ · v0.0.1
cross-platform · Security: Clean
382 Downloads · 0 Stars · 2 Active Installs · 1 Version
Install in OpenClaw: /install lance
Description
Web3 bug bounty and protocol security agent for evidence-backed vulnerability discovery and reporting. Use when auditing smart contracts, DeFi protocols, wal...
README (SKILL.md)

Lance: Web3 Vulnerability Hunter

Operate as a strict Web3 security researcher. Prioritize reportable, economically meaningful vulnerabilities over speculative notes.

Core Principle

One accepted, reproducible high-signal Web3 finding is worth more than twenty theoretical findings.

For every accepted finding, require:

  1. attacker-controlled entry point
  2. deterministic exploit path
  3. realistic capital/prerequisite model
  4. concrete impact (fund loss, lock, unauthorized control, or protocol integrity failure)
  5. reproducible evidence

Scope and Authorization Gate

Before technical work, confirm the target is in scope:

  • bug bounty scope file
  • explicit written permission
  • owned/internal system

If scope is unclear, stop and ask for scope confirmation.

Lance 7-Gate Workflow

G0: Scope Gate

  • Validate authorization and exact target boundaries.
  • Parse scope docs with scripts/parse_web3_scope.py when provided.

G1: Intake Gate

  • Normalize target format with scripts/normalize_targets.py.
  • Target types:
    • on-chain addresses / scope file
    • local Solidity/Foundry/Hardhat repo
    • Sui package/module
    • multi-contract protocol set

G2: Detection Gate

  • Run structured detection playbooks from references/vulnerabilities/.
  • Use chain-specific guidance:
    • EVM: references/chains/evm.md
    • Sui Move: references/chains/sui-move.md
    • Bridges: references/chains/cross-chain-bridge.md

G3: Exploitability Gate

  • Use references/exploit-validation.md.
  • Build exact attacker path and state transitions.
  • Findings remain Theoretical until technical evidence is sufficient.

G4: Economic Gate

  • Use references/economic-validation.md.
  • Validate liquidity, slippage, capital, timing, and profitability.
  • Downgrade or discard non-rational attacks.

G5: False-Positive Gate

  • Use references/false-positive-elimination.md.
  • Attempt to reject every candidate finding before acceptance.

G6: Triage and Reporting Gate

  • Simulate triage with references/triage-simulation.md.
  • Generate platform-specific reports using:
    • scripts/generate_web3_report.py
    • references/platforms/*.md

Priority Coverage

Audit in this order for best signal:

Priority | Class | Reference
1 | Access control and privilege bypass | references/vulnerabilities/access-control.md
2 | Reentrancy and callback abuse | references/vulnerabilities/reentrancy.md
3 | Flash loan + oracle manipulation | references/vulnerabilities/flash-loan-manipulation.md, references/vulnerabilities/oracle-manipulation.md
4 | Signature replay and permit abuse | references/vulnerabilities/signature-replay.md
5 | Upgradeability and storage collision | references/vulnerabilities/upgradeability-storage-collision.md
6 | Bridge and cross-chain replay | references/vulnerabilities/bridge-replay.md
7 | Accounting invariant breaks (vault/AMM/lending) | references/vulnerabilities/accounting-invariant-break.md, references/vulnerabilities/vault-share-inflation.md, references/vulnerabilities/amm-invariant-violation.md
8 | Governance manipulation | references/vulnerabilities/governance-flash-loan.md
9 | Move capability/object bugs | references/vulnerabilities/move-capability-abuse.md, references/vulnerabilities/move-shared-object-race.md

Wallet and Auth Context

For wallet connect/signature flows, treat:

  • wallet UI prompt as a security boundary
  • dApp identity/origin as authorization context

Use references/wallet-trust-boundary.md for these cases.

Hard Rules

  • Do not report speculative attack paths.
  • Do not report "malicious admin" scenarios as vulnerabilities unless privilege escalation is possible.
  • Do not report gas/style/quality findings without security impact.
  • Do not claim Confirmed without evidence.
  • Do not inflate severity without quantified impact.
  • Do not skip economic feasibility checks for market-dependent attacks.
  • If no finding passes all gates, output:
    • No exploitable on-chain vulnerabilities identified.

Finding Output Format

Use this schema for each surfaced finding:

Title:
Severity: [Critical/High/Medium/Low]
Confidence: [Confirmed/Probable/Theoretical]
Target:
Chain/Environment:
Affected Component(s):
Attack Prerequisites:
Exploit Path:
Expected vs Actual State Change:
Economic Feasibility:
Impact:
Evidence:
Suggested Verification:
Recommended Fix:
Triage Readiness: [Accepted / Needs More Evidence / Reject]
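The gate decisions above (the five required elements, the G3 confidence rule, the G4 rationality check and the hard rules) can be expressed as a small acceptance function over candidates shaped like the finding schema. This is an added illustration, not code from the Lance package or its scripts/scoring_engine.py; the field names, the Confirmed/Probable/Theoretical mapping and the sample candidates are assumptions constructed for the example.

```python
# Added example; field names and sample candidates are constructed, not Lance's own.
IMPACT_CLASSES = {"fund loss", "fund lock", "unauthorized control",
                  "protocol integrity failure"}
REQUIRED = ("entry_point", "exploit_path", "prerequisites", "impact", "evidence")
NO_FINDING = "No exploitable on-chain vulnerabilities identified."


def gate_finding(f: dict) -> dict:
    """Annotate one candidate with Confidence, Triage Readiness and reasons."""
    reject = []
    # Hard rules: needs security impact; malicious admin counts only with escalation.
    if f.get("impact") not in IMPACT_CLASSES:
        reject.append("no security impact")
    if f.get("requires_admin") and not f.get("privilege_escalation"):
        reject.append("malicious-admin scenario without privilege escalation")
    # G4: market-dependent attacks must be rational (gain exceeds cost).
    if f.get("market_dependent"):
        gain, cost = f.get("expected_gain_usd", 0), f.get("execution_cost_usd", 0)
        if gain <= cost:
            reject.append(f"non-rational: gain {gain} <= cost {cost}")
    # Core principle: all five elements must be present and non-empty.
    missing = [k for k in REQUIRED if not f.get(k)]
    # G3: Confirmed needs reproduced evidence; else Probable; no evidence = Theoretical.
    confidence = ("Confirmed" if f.get("evidence") and f.get("reproduced")
                  else "Probable" if f.get("evidence") else "Theoretical")
    if reject:
        readiness = "Reject"
    elif missing or confidence != "Confirmed":
        readiness = "Needs More Evidence"
    else:
        readiness = "Accepted"
    return {**f, "confidence": confidence, "triage_readiness": readiness,
            "reasons": reject + [f"missing {k}" for k in missing]}


def triage(candidates):
    """Return accepted findings only, or the mandated no-finding sentence."""
    gated = [gate_finding(c) for c in candidates]
    return [g for g in gated if g["triage_readiness"] == "Accepted"] or NO_FINDING


CANDIDATES = [  # constructed sample inputs
    {"title": "Unprotected initializer", "entry_point": "initialize()",
     "exploit_path": "any caller initializes and takes ownership",
     "prerequisites": "none", "impact": "unauthorized control",
     "evidence": "Foundry test", "reproduced": True},
    {"title": "Flash-loan oracle skew", "entry_point": "swap()",
     "exploit_path": "skew pool price, borrow against it, repay",
     "prerequisites": "flash loan", "impact": "fund loss", "evidence": "fork test",
     "reproduced": True, "market_dependent": True,
     "expected_gain_usd": 4_000, "execution_cost_usd": 9_500},
]
```

Running `triage(CANDIDATES)` accepts only the first candidate; the second is rejected at G4 because its cost exceeds its gain, and with no accepted candidate the function returns the no-finding sentence the hard rules require.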

Navigation

Need | File
Full pipeline | references/workflow.md
Reporting filters | references/audit-rules.md
Technical exploit checks | references/exploit-validation.md
Economic/profitability checks | references/economic-validation.md
FP elimination | references/false-positive-elimination.md
Severity mapping | references/severity-guide-web3.md
Triage simulation | references/triage-simulation.md
Wallet trust boundary | references/wallet-trust-boundary.md
Platform report style | references/platforms/*.md
Finding schema/template | assets/templates/finding.schema.json
Scope parsing | scripts/parse_web3_scope.py
Target normalization | scripts/normalize_targets.py
Scoring | scripts/scoring_engine.py
Invariant output adapter | scripts/invariant_output_adapter.py
Report generation | scripts/generate_web3_report.py
Triage simulator | scripts/triage_simulator.py

Usage Guidance
Lance appears to be a coherent local auditing/reporting toolkit: it parses scope files, normalizes targets, adapts scanner outputs, simulates triage, and generates platform-specific reports. Before installing or invoking it:

  1. Only run against targets you explicitly own or have written permission to test (the SKILL.md enforces a scope gate).
  2. The scripts read local files (scope docs, repo paths, finding JSON); do not supply private keys, RPC credentials, or other secrets as input.
  3. Because agents are allowed implicit invocation, check your agent prompts/permissions so the skill isn't invoked on unintended data.
  4. If you plan to run the Python scripts, review them locally and run them in an isolated environment (virtualenv/container) to keep scope-limited operations separated from sensitive host files.

Overall the package is consistent with its stated purpose and contains no obvious hidden network endpoints, credential exfiltration, or unusual install steps.
Capability Analysis
Type: OpenClaw Skill
Name: lance
Version: 0.0.1

The OpenClaw AgentSkills skill bundle 'Lance' is designed for Web3 bug bounty and protocol security auditing. All code and documentation consistently reinforce a strict, evidence-based workflow focused on identifying reportable, economically feasible vulnerabilities while minimizing false positives. The Python scripts (`scripts/*.py`) are local data processing tools for parsing scope, normalizing targets, adapting scanner output, scoring findings, simulating triage, and generating reports, without any external network calls or dangerous system commands. The `SKILL.md`, `README.md`, and `references/*.md` files contain detailed instructions for the AI agent that guide it towards ethical and rigorous security research, explicitly rejecting speculative or out-of-scope findings, and show no evidence of prompt injection for malicious purposes.
Capability Assessment
Purpose & Capability
The name/description (Web3 bug bounty and protocol security) matches the included artifacts: gating workflow docs, vulnerability playbooks, report templates, and helper scripts (scope parsing, target normalization, report generation, triage simulation, adapter). No unrelated dependencies or environment variables are requested.
Instruction Scope
SKILL.md defines a tight 7-gate auditing workflow and references the shipped scripts and reference docs. The instructions only reference local files (scope files, repo paths, finding JSON) and the shipped scripts; they do not instruct the agent to read unrelated host secrets, call hidden external endpoints, or exfiltrate data. The skill also explicitly requires scope authorization before testing, which is appropriate.
Install Mechanism
This is instruction-plus-scripts with no install spec; scripts are plain Python files that operate on local files/JSON and produce reports. No download-from-URL or binary install steps are present, which minimizes supply-chain risk.
Credentials
No required environment variables, credentials, or config paths are declared. The scripts operate on user-provided files (scope, targets, findings) and do not require secrets. There are no unrelated or excessive credential requests.
Persistence & Privilege
The skill does not set always: true and does not request system-wide configuration changes. Agent interface files set allow_implicit_invocation: true for several agents (enable implicit/autonomous invocation). This is expected for skills intended for on-demand auditing, but be aware implicit invocation allows agents to call the skill when they think it's helpful—review prompts and scope authorization to avoid accidental use on unauthorized targets.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install lance
  3. After installation, invoke the skill by name or use /lance
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.1
Initial release of Lance: a Web3 bug bounty and protocol security agent focused on high-confidence, economically meaningful vulnerability discovery and reporting.

  • Implements a strict 7-gate workflow covering scope authorization, intake, detection, exploitability, economic feasibility, false-positive elimination, and triage/reporting steps.
  • Prioritizes reproducible, evidence-backed exploits over theoretical findings.
  • Targets comprehensive Web3 audit coverage: smart contracts, DeFi protocols, EVM bytecode, Solidity/Sui Move packages, wallet/signature flows, and bridges.
  • Includes built-in reporting standards, finding schema, and references for technical and economic exploit validation.
  • Outputs only findings that pass exploit, economic, and triage gates; non-exploitable targets are explicitly reported as safe.
Metadata
Slug lance
Version 0.0.1
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Lance?

Web3 bug bounty and protocol security agent for evidence-backed vulnerability discovery and reporting. Use when auditing smart contracts, DeFi protocols, wal... It is an AI Agent Skill for Claude Code / OpenClaw, with 382 downloads so far.

How do I install Lance?

Run "/install lance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Lance free?

Yes, Lance is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Lance support?

Lance is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Lance?

It is built and maintained by Emperor Prime (@shaniidev); the current version is v0.0.1.
