← Back to Skills Marketplace
nickvanzo

Xena Protocol

by Nicolo' Vanzo · GitHub ↗ · v0.2.0 · MIT-0
cross-platform ⚠ suspicious
152
Downloads
0
Stars
0
Active Installs
12
Versions
Install in OpenClaw
/install xena-protocol
Description
Xena Protocol — scan your Gmail for phishing, crypto scams, impersonation, and BEC. Optionally submit hashed reports to an on-chain registry on Ethereum Sepo...
Usage Guidance
What to consider before installing: - Functionality & dependencies: This skill does what it claims — it uses the gog CLI to read Gmail, runs a local Python detection pipeline, and (optionally) can submit hashed reports to a hardcoded OpenClawRegistry on Sepolia. It needs python3, gog, and an ANTHROPIC_API_KEY for the LLM stage; Reporter mode also needs an Ethereum RPC URL (SEPOLIA_RPC) which the code expects even though the skill metadata doesn't list it. - Sensitive data & persistence: If you opt into Reporter mode the skill will generate an Ethereum wallet and write wallet_address + wallet_private_key into ~/.openclaw/phishing-detection/config.json in plaintext. The README and SKILL.md say 'do not print the private key', but the private key is still stored unencrypted on disk. If you care about key security, do not enable Reporter mode or modify the code to store keys in an encrypted vault or use an external signer. - Network & trust: The brew formula for gogcli comes from a third‑party tap (steipete/tap); verify the tap/source before installing. The skill uses the Anthropic API (so your key will be used for LLM calls) and will call the Ethereum RPC you provide — use a reputable provider and avoid exposing high-value mainnet keys. - Audit & containment: Review the included Python code (especially registry_client.py and setup.py) yourself or run the skill in a sandboxed account first. If you want only local detection, choose Watcher mode (no wallet generated, no on‑chain writes). If you plan to use Reporter mode, consider: (a) using a throwaway testnet account, (b) replacing local key storage with a secure vault, or (c) using an external signer/hardware wallet. - Missing declaration: Ask the publisher to add SEPOLIA_RPC to the declared required env vars and to document key storage/rotation practices. If you are not comfortable with an unencrypted private key stored locally, treat this as a blocking issue. Overall: the skill is coherent with its purpose but has some security/operational choices (plaintext local private key, undeclared RPC env var, third‑party brew tap) that justify caution before enabling Reporter mode or installing on a sensitive machine.
Capability Analysis
Type: OpenClaw Skill Name: xena-protocol Version: 0.2.0 Xena Protocol is a phishing detection skill that analyzes Gmail inboxes using a multi-stage pipeline involving heuristics, Naive Bayes classification, and LLM analysis. It features an opt-in 'Reporter' mode that submits hashed threat metadata to an Ethereum Sepolia registry. The skill includes explicit defensive instructions in SKILL.md to prevent prompt injection from malicious emails and strictly limits the agent's transaction capabilities to a specific contract. While it manages a local wallet and private key (stored in ~/.openclaw/phishing-detection/config.json), the implementation is transparent, well-tested, and aligned with its stated security purpose.
Capability Tags
cryptorequires-walletcan-make-purchasescan-sign-transactionsrequires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
Name/description match the included code: the bundle contains Gmail glue (gog wrapper), a 3‑stage detection pipeline, an Anthropic LLM stage, and a web3 registry client for optional reporting. Required binaries (gog, python3) and the ANTHROPIC_API_KEY align with the LLM + Gmail functionality. Minor mismatch: the code expects a SEPOLIA_RPC env var for Reporter mode RPC access, but SEPOLIA_RPC is not listed under requires.env in the skill metadata.
Instruction Scope
SKILL.md instructs the agent to orchestrate local Python scripts and the gog CLI to read Gmail and optionally submit hashed reports to a hardcoded registry contract. It explicitly warns against executing instructions inside email bodies and not to print wallet_private_key. The runtime instructions do require the agent to (a) read/write a local config at ~/.openclaw/phishing-detection/config.json and (b) persist/handle a wallet private key in that file (reporter mode). Those actions are within the skill's stated purpose but increase sensitive-surface area.
Install Mechanism
Install entry uses a Homebrew formula (steipete/tap/gogcli) to provide the gog CLI — a reasonable approach for a CLI dependency. There is no automated pip install step; Python packages are expected to be installed by the user (requirements.txt is present). The brew formula is from a third‑party tap (steipete/tap) rather than an official core tap; that is expected for a niche CLI but worth auditing before brew install.
Credentials
Declared required env: ANTHROPIC_API_KEY (primary) — justified for the LLM classification. However, reporter functionality requires SEPOLIA_RPC (used by setup.py and registry_client) but that env var is not declared in the skill metadata. The skill generates a wallet and stores wallet_private_key in plaintext under ~/.openclaw/phishing-detection/config.json; while SKILL.md tells the agent not to print it, persisting an unencrypted private key in the skill's config is a sensitive design choice and not proportional unless the user explicitly accepts reporter mode and local storage.
Persistence & Privilege
always:false and model invocation is allowed (normal). The skill writes persistent configuration and a local SQLite DB under ~/.openclaw/phishing-detection and will persist a generated private key there for Reporter mode. It does not request platform-wide privileges or modify other skills. The main persistence concern is the unencrypted private key stored in the skill config (local file) which increases risk if the filesystem or backups are accessible.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install xena-protocol
  3. After installation, invoke the skill by name or use /xena-protocol
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.0
v0.2.0 — wired to new contract at 0xbDA543Ec44A154430EF86aA7Ab45375Cb75325E2 with flat reports array (getAllReports) for direct on-chain feed reads
v0.1.9
v0.1.9 — display-domain alignment (Subito, IDA, TLDR, Luma, etc); LLM can't auto-report without deterministic corroboration
v0.1.8
v0.1.8 — LLM safe verdict overrides heuristic gates (auth-fail and registry-hit still win); ham corpus expanded with newsletters
v0.1.7
v0.1.7 — verified-legit shortcut: brand in display + matching domain + auth pass = short-circuit safe; display_name_spoof gate now display-only + suffix match
v0.1.6
v0.1.6 — fix false positives: llm_trust respects category=safe and requires deterministic corroboration
v0.1.5
v0.1.5 — rebalance scoring for social-engineering: 0.15/0.25/0.60 weights, LLM-trust floor, strong-Bayes stage-1 gate, retrained model
v0.1.4
v0.1.4 — Reporter tier auto-submits reports without per-email confirmation
v0.1.3
v0.1.3 — drop cache short-circuits and gmail mark_read; each poll rescans inbox fresh
v0.1.2
v0.1.2 — tolerate gog's wrapped JSON response shapes (messages search + gmail get)
v0.1.1
v0.1.1 — bundle deployed.json inside the skill; fix gog auth list shape parse
v1.0.0
Xena Protocol 1.0.0 is now released! - Initial public release of the skill. - Scan Gmail inbox for phishing, crypto scams, impersonation, and BEC attempts. - Optionally submit hashed scam reports to an on-chain Ethereum Sepolia registry for community protection. - Fully interactive setup wizard with clear guidance for both non-crypto (Watcher) and crypto-enabled (Reporter) modes. - Emphasizes strict security: only allows OpenClawRegistry contract actions and never exposes sensitive wallet keys.
v0.1.0
Initial release
Metadata
Slug xena-protocol
Version 0.2.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 12
Frequently Asked Questions

What is Xena Protocol?

Xena Protocol — scan your Gmail for phishing, crypto scams, impersonation, and BEC. Optionally submit hashed reports to an on-chain registry on Ethereum Sepo... It is an AI Agent Skill for Claude Code / OpenClaw, with 152 downloads so far.

How do I install Xena Protocol?

Run "/install xena-protocol" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Xena Protocol free?

Yes, Xena Protocol is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Xena Protocol support?

Xena Protocol is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Xena Protocol?

It is built and maintained by Nicolo' Vanzo (@nickvanzo); the current version is v0.2.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments