Openclaw Skill
/install sigui-security
Sigui Protocol Security Skill 🛡️
Sigui is a multi-chain AI security oracle that evaluates blockchain transactions before they execute. It uses a native Spatio-Temporal Transformer (Trustformer/T-GAT) to detect coordinated attacks in real time — without the 48ms graph-rendering bottleneck of VLM-based approaches.
🧠 Chain of Thought (for OpenClaw Agent)
When a user asks you to verify or execute a blockchain transaction, follow these steps:
- Extract Parameters: Identify the amount (in USDC value), the destination address, the chain (default to arc), and the action type (transfer, approve, swap, etc.).
- Execute Evaluation: Run the evaluate.py script provided in this skill directory using the bash or python tool.
- Parse Verdict:
  - Exit code 0 (ALLOW): Inform the user that the transaction is safe and proceed.
  - Exit code 1 (BLOCK): DO NOT EXECUTE. Inform the user of the critical threat detected and provide the reason.
  - Exit code 2 (ESCALATE): Inform the user that the transaction requires a deep analysis. Run the script again with the --escalate flag to perform the deep analysis.
- Relay the Result: Format the output nicely using emojis (✅, 🚫, 🔍) and provide the on-chain proof link if available.
Supported Chains
| Chain | Argument | Notes |
|---|---|---|
| ARC (L2) | arc | Default; ultra-fast, fee-free |
| Ethereum | ethereum | Mainnet + Sepolia testnet |
| Starknet | starknet | Cairo contracts deployed on Sepolia |
| Aptos | aptos | Move contracts on Testnet |
| Solana | solana | Coming soon |
🛠️ Usage Examples
Method 1 — Python Script (Recommended)
Run the helper script directly from the skill directory. The script uses the rich library to print a beautiful, easy-to-read table.
```bash
python ~/.openclaw/workspace/skills/sigui-security/evaluate.py \
  --amount 1500.0 \
  --destination "0xBadActorAddress" \
  --action "transfer" \
  --chain "ethereum"
```
To get raw JSON for programmatic parsing, add the --json flag:
```bash
python ~/.openclaw/workspace/skills/sigui-security/evaluate.py \
  --amount 1500.0 \
  --destination "0xBadActorAddress" \
  --json
```
Method 2 — Deep Analysis (Escalation)
If a transaction returns ESCALATE (or exit code 2), you can request a deep AI analysis. This uses a heavier model (like Qwen2.5 or Claude) to perform a thorough audit of the contract or address.
```bash
python ~/.openclaw/workspace/skills/sigui-security/evaluate.py \
  --amount 1500.0 \
  --destination "0xUnknownAddress" \
  --escalate
```
Method 3 — Inline Python (if bash is unavailable)
```python
import asyncio
import sys

sys.path.insert(0, ".")  # make the skill directory importable

from sigui import SiguiClient
from sigui.local import start_mock_server


async def check():
    # Local mock server: for development and testing, not a live evaluation.
    server = start_mock_server(port=8765)
    try:
        client = SiguiClient(api_url="http://127.0.0.1:8765")
        return await client.evaluate(
            agent_id="openclaw_agent",
            amount=500.0,
            destination="0xRecipientAddress",
            action_type="transfer",
            chain="arc",
        )
    finally:
        # Stop the mock server even if evaluate() raises.
        server.stop()


res = asyncio.run(check())
print(f"Verdict: {res.verdict.value} | Risk: {res.risk_score}")
```
📊 Interpreting the Verdict
| Verdict | Risk Score | Agent Action Required |
|---|---|---|
| ALLOW | 0.0 – 0.35 | ✅ Safe to proceed. Share the safety score with the user. |
| ALLOW_WITH_CAP | 0.35 – 0.55 | ⚠️ Safe but enforce the cap_amount_usdc spending limit. |
| ESCALATE | 0.55 – 0.80 | 🔍 Request deep analysis (--escalate) before proceeding. |
| BLOCK | 0.80 – 1.0 | 🚫 Abort the transaction immediately. Explain the threat. |
Risk score ranges from 0.0 (completely safe) to 1.0 (critical threat).
Safety score = (1 - risk_score) × 1000. Higher is better.
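An added example, not part of the skill's own code: a fail-closed mapping from one evaluate.py --json run to an agent action, cross-checking the exit code against the verdict and risk band in the table above. It assumes the --json output carries verdict, risk_score and cap_amount_usdc keys and that ALLOW_WITH_CAP exits with 0; the page documents neither, and decide is a hypothetical helper.

```python
import json

# Risk-score band per verdict, from the "Interpreting the Verdict" table.
BANDS = {"ALLOW": (0.0, 0.35), "ALLOW_WITH_CAP": (0.35, 0.55),
         "ESCALATE": (0.55, 0.80), "BLOCK": (0.80, 1.0)}
# Documented exit codes; the page gives none for ALLOW_WITH_CAP, so 0 is an
# assumption here.
EXIT_FOR = {"ALLOW": 0, "ALLOW_WITH_CAP": 0, "BLOCK": 1, "ESCALATE": 2}


def decide(exit_code, stdout, amount_usdc):
    """Map one evaluate.py --json run to ('proceed'|'escalate'|'abort', reason)."""
    try:
        report = json.loads(stdout)
        verdict = report["verdict"]       # assumed JSON key
        risk = float(report["risk_score"])  # assumed JSON key
    except (ValueError, KeyError, TypeError):
        # A crash or usage error is not a verdict. Python's argparse, for one,
        # exits with status 2 on bad arguments, the code documented for ESCALATE.
        return "abort", "unparseable evaluator output"
    if not isinstance(verdict, str) or verdict not in BANDS:
        return "abort", f"unknown verdict {verdict!r}"
    low, high = BANDS[verdict]
    if not low <= risk <= high:  # also rejects NaN
        return "abort", "risk score outside the band for its verdict"
    if EXIT_FOR[verdict] != exit_code:
        return "abort", "exit code and JSON verdict disagree"
    if verdict == "BLOCK":
        return "abort", "evaluator verdict BLOCK"
    if verdict == "ESCALATE":
        return "escalate", "re-run with --escalate before proceeding"
    if verdict == "ALLOW_WITH_CAP":
        cap = report.get("cap_amount_usdc")
        if not isinstance(cap, (int, float)) or amount_usdc > cap:
            return "abort", "cap missing or amount above cap_amount_usdc"
    return "proceed", f"safety score {round((1 - risk) * 1000)}"


# Constructed sample outputs (not captured from a real run).
SAMPLE_ALLOW = '{"verdict": "ALLOW", "risk_score": 0.12}'
SAMPLE_CAPPED = ('{"verdict": "ALLOW_WITH_CAP", "risk_score": 0.4, '
                 '"cap_amount_usdc": 1000}')

if __name__ == "__main__":
    print(decide(0, SAMPLE_ALLOW, 500.0))    # proceed
    print(decide(0, SAMPLE_CAPPED, 1500.0))  # abort: amount above the cap
    print(decide(2, "error: bad arguments", 500.0))  # abort: not JSON
```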
🛡️ Threat Types Detected
Sigui detects the following multi-chain attack patterns in real time:
- Drain Star — One orchestrator wallet draining multiple victim wallets simultaneously.
- Mixing Chain — Funds routed through layered mixer hops to obfuscate origin.
- Sybil Swarm — Coordinated fake-identity cluster attacking governance or airdrops.
- Flash Loan Exploit — Manipulating price oracles within a single atomic block.
- Honeypot Contract — Buy-enabled, sell-disabled token contract trap.
- Rug Pull — Liquidity removal by deployer before community exit.
- Phishing Signature — Malicious eth_sign/permit approval requests.
⚙️ Configuration (Optional)
By default, if the Sigui SDK isn't installed or no backend is running, the script falls back to a local mock server for development and testing (no real funds required).
To connect to a live Sigui node, set the environment variables:
```bash
export SIGUI_API_URL="https://api.sigui.io"
export SIGUI_CHAIN="arc"
export OPENCLAW_AGENT_ID="my_agent_name"
```
🔒 Privacy & Cost
- Evaluations on ARC are free (gasless L2).
- Evaluations on Ethereum/Starknet/Aptos cost a micro-fee paid in USDC (~$0.001).
- No transaction data is stored beyond the on-chain proof hash.
- All sensitive fields (wallet keys, private data) stay local — only the metadata is sent for evaluation.
🔗 Links
- 📄 GitHub: https://github.com/ibonon/Sigui
- 📦 PyPI: https://pypi.org/project/sigui-sdk/
- 📖 Whitepaper: Trustformer: A Native Spatio-Temporal Transaction Transformer
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install sigui-security
- After installation, invoke the skill by name or use /sigui-security
- Provide required inputs per the skill's parameter spec and get structured output
What is Openclaw Skill?
Evaluate the security of blockchain transactions (EVM, Starknet, Aptos) using the Sigui Protocol AI oracle. Detects drain attacks, mixer chains, Sybil swarms... It is an AI Agent Skill for Claude Code / OpenClaw, with 39 downloads so far.
How do I install Openclaw Skill?
Run "/install sigui-security" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Openclaw Skill free?
Yes, Openclaw Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Openclaw Skill support?
Openclaw Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Openclaw Skill?
It is built and maintained by Warmatrix(familly_name:Warma+matrix) (@ibonon); the current version is v2.0.0.