← Back to Skills Marketplace
262
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install shll-run
Description
Execute DeFi transactions on BSC via SHLL AgentNFA. The AI handles all commands and users only need to chat.
Usage Guidance
This skill is plausibly what it claims (an operator hot-wallet is needed to send transactions), but there are important warning signs you should resolve before installing or using it: 1) The registry metadata omits the required RUNNER_PRIVATE_KEY while the SKILL.md/README require it — demand that the registry entry be corrected or explained. 2) Never paste or store your main/private keys in plaintext; follow the README's advice to use a dedicated operator hot wallet with minimal BNB, and treat that wallet as disposable. 3) Avoid embedding the operator key into long-lived config files (Claude/Cursor JSON) — prefer ephemeral session injection or an in-memory agent secret, and delete any stored copies afterward. 4) Verify the npm package and GitHub repository (shll-skills) exist, inspect the package source, and confirm the PolicyGuard contract address on BscScan before trusting the system. 5) Prefer using a private RPC and audit any MCP/CLI binaries you run. If you cannot or will not inspect the npm package/repo and confirm the on-chain contracts, do not supply any private keys or install the skill.
Capability Analysis
Type: OpenClaw Skill
Name: shll-run
Version: 6.0.4
The shll-run skill bundle provides a DeFi execution layer for AI agents on the BNB Chain, featuring a dual-wallet architecture and on-chain policy enforcement via a 'PolicyGuard' contract (0x25d17eA0e3Bcb8CA08a2BFE917E817AFc05dbBB3). The instructions in SKILL.md and README.md prioritize safety, requiring user confirmation for transactions and explicitly warning against using primary wallets for the operator key. No indicators of data exfiltration, malicious execution, or harmful prompt injection were found.
Capability Assessment
Purpose & Capability
The stated purpose (execute policy-limited DeFi actions on BSC) legitimately requires an operator key and RPC endpoint; that part is coherent. However the registry metadata lists no required env vars while SKILL.md/README require RUNNER_PRIVATE_KEY (operator private key) and optionally SHLL_RPC — this metadata mismatch is inconsistent and reduces trust.
Instruction Scope
SKILL.md and README explicitly instruct putting RUNNER_PRIVATE_KEY into agent config files (e.g., Claude desktop JSON, Cursor mcp.json) and say the AI should set RUNNER_PRIVATE_KEY for sessions automatically. That directs agents/users to store and expose a private key in plaintext and instructs the agent to access/modify local agent config paths — scope creep that increases risk of key leakage or accidental persistent storage.
Install Mechanism
The skill is instruction-only in the registry (no install spec), but SKILL.md recommends installing the npm package (npm install -g shll-skills). Using npm is standard and the SKILL.md cites the public npm registry and a GitHub repo. Because the registry entry provides no install script while the documentation references an external npm package, you should verify the published npm package and repo before installing.
Credentials
Requesting an operator private key is proportionate to executing signed on-chain transactions. However the README/SKILL.md's advice to embed the key in desktop or project config files and to have the agent set the env var automatically increases exposure. Also the registry metadata failing to declare RUNNER_PRIVATE_KEY is a red flag — the skill requests sensitive credentials but the registry record does not advertise them.
Persistence & Privilege
The skill does not request 'always:true' and allows autonomous invocation (normal), but its instructions encourage writing sensitive keys into long-lived agent config files (Claude/Cursor), which grants persistent local exposure. It also encourages running an MCP server process configured with the private key, which if misconfigured could persist the key on disk or in logs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install shll-run - After installation, invoke the skill by name or use
/shll-run - Provide required inputs per the skill's parameter spec and get structured output
Version History
v6.0.4
Add on-chain enforcement evidence to policy rejection output; enhance SKILL.md with product overview, security architecture diagram, and 4-policy stack documentation
Metadata
Frequently Asked Questions
What is SHLL Safe Execution?
Execute DeFi transactions on BSC via SHLL AgentNFA. The AI handles all commands and users only need to chat. It is an AI Agent Skill for Claude Code / OpenClaw, with 262 downloads so far.
How do I install SHLL Safe Execution?
Run "/install shll-run" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is SHLL Safe Execution free?
Yes, SHLL Safe Execution is completely free (open-source). You can download, install and use it at no cost.
Which platforms does SHLL Safe Execution support?
SHLL Safe Execution is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created SHLL Safe Execution?
It is built and maintained by kledx (@kledx); the current version is v6.0.4.
More Skills