← 返回 Skills 市场
1322
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install aegis-security-hackathon
功能描述
Blockchain security scanner for AI agents (testnet). Pay with Base Sepolia USDC via x402 protocol.
使用说明 (SKILL.md)
Aegis402 Shield Protocol (Hackathon/Testnet)
Blockchain security API for AI agents. Testnet version - pay with Base Sepolia USDC.
⚠️ This is the hackathon/testnet deployment. For production, use aegis-security.
Skill Files
| File | URL |
|---|---|
| SKILL.md (this file) | https://hackathon.aegis402.xyz/skill.md |
| package.json (metadata) | https://hackathon.aegis402.xyz/skill.json |
Base URL: https://hackathon.aegis402.xyz/v1
Quick Start
npm install @x402/fetch @x402/evm
import { x402Client, wrapFetchWithPayment } from '@x402/fetch';
import { ExactEvmScheme } from '@x402/evm/exact/client';
const client = new x402Client()
.register('eip155:*', new ExactEvmScheme(yourEvmWallet));
const fetch402 = wrapFetchWithPayment(fetch, client);
// Payments on Base Sepolia (testnet USDC)
const res = await fetch402('https://hackathon.aegis402.xyz/v1/check-token/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48?chain_id=1');
const data = await res.json();
Requirements: Testnet USDC on Base Sepolia (chain ID 84532)
Get testnet USDC: Base Sepolia Faucet
Pricing (Testnet USDC)
| Endpoint | Price | Use Case |
|---|---|---|
POST /simulate-tx |
$0.05 | Transaction simulation, DeFi safety |
GET /check-token/:address |
$0.01 | Token honeypot detection |
GET /check-address/:address |
$0.005 | Address reputation check |
Endpoints
Check Token ($0.01)
Scan any token for honeypots, scams, and risks.
curl "https://hackathon.aegis402.xyz/v1/check-token/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48?chain_id=1"
Response:
{
"address": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
"isHoneypot": false,
"trustScore": 95,
"risks": [],
"_meta": { "requestId": "uuid", "duration": 320 }
}
Check Address ($0.005)
Verify if address is flagged for phishing or poisoning.
curl "https://hackathon.aegis402.xyz/v1/check-address/0x742d35Cc6634C0532925a3b844Bc454e4438f44e"
Response:
{
"address": "0x742d35Cc6634C0532925a3b844Bc454e4438f44e",
"isPoisoned": false,
"reputation": "NEUTRAL",
"tags": ["wallet", "established"],
"_meta": { "requestId": "uuid", "duration": 180 }
}
Simulate Transaction ($0.05)
Predict balance changes and detect threats before signing.
curl -X POST "https://hackathon.aegis402.xyz/v1/simulate-tx" \
-H "Content-Type: application/json" \
-d '{
"from": "0xYourWallet...",
"to": "0xContract...",
"value": "1000000000000000000",
"data": "0x...",
"chain_id": 8453
}'
Response:
{
"isSafe": true,
"riskLevel": "LOW",
"simulation": {
"balanceChanges": [
{ "asset": "USDC", "amount": "-100.00", "address": "0x..." }
]
},
"warnings": [],
"_meta": { "requestId": "uuid", "duration": 450 }
}
x402 Payment Flow (Testnet)
- Agent calls any paid endpoint
- Receives
402 Payment Requiredwith Base Sepolia payment instructions - Pays testnet USDC on Base Sepolia (chain ID: 84532)
- Retries request with payment proof header
- Gets security scan result
Network: Base Sepolia (eip155:84532) Currency: Testnet USDC
Use Cases for AI Agents
Before Swapping Tokens
const tokenCheck = await fetch402(`https://hackathon.aegis402.xyz/v1/check-token/${tokenAddress}?chain_id=8453`);
const { isHoneypot, trustScore } = await tokenCheck.json();
if (isHoneypot || trustScore \x3C 50) {
console.log('⚠️ Risky token detected!');
}
Before Signing Transactions
const simulation = await fetch402('https://hackathon.aegis402.xyz/v1/simulate-tx', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ from, to, value, data, chain_id: 8453 })
});
const { isSafe, riskLevel, warnings } = await simulation.json();
if (!isSafe || riskLevel === 'CRITICAL') {
console.log('🚨 Dangerous transaction!', warnings);
}
Risk Levels
| Level | Meaning |
|---|---|
SAFE |
No issues detected |
LOW |
Minor concerns, generally safe |
MEDIUM |
Some risks, proceed with caution |
HIGH |
Significant risks detected |
CRITICAL |
Do not proceed |
Supported Chains (for scanning)
| Chain | ID | check-token | check-address | simulate-tx |
|---|---|---|---|---|
| Ethereum | 1 | ✅ | ✅ | ✅ |
| Base | 8453 | ✅ | ✅ | ✅ |
| Polygon | 137 | ✅ | ✅ | ✅ |
| Arbitrum | 42161 | ✅ | ✅ | ✅ |
| Optimism | 10 | ✅ | ✅ | ✅ |
| BSC | 56 | ✅ | ✅ | ✅ |
Health Check (Free)
curl https://hackathon.aegis402.xyz/health
Links
- Hackathon API: https://hackathon.aegis402.xyz
- Production API: https://aegis402.xyz
- GitHub: https://github.com/SwiftAdviser/aegis-402-shield-protocol
- x402 Protocol: https://docs.x402.org
🛡️ Built for the Agentic Economy. Powered by x402 Protocol.
安全使用建议
This skill appears to be a legitimate pay-per-request testnet scanner, but there are important gaps and inconsistencies you should resolve before enabling it:
- Do not provide your mainnet/private signing key to any agent. The skill requires an EVM wallet to sign x402 payments but does not declare this. If you want to test it, use an ephemeral testnet-only wallet with only small funds.
- Ask the author to clarify the chain IDs and networks (examples use 1, 8453, and metadata says 84532). Confirm which chain IDs map to which networks to avoid accidental mainnet usage.
- Verify the domain and code: check the linked GitHub repository and TLS certificate for hackathon.aegis402.xyz to confirm identity before sending any payments.
- Be cautious installing the recommended npm packages; prefer pinned versions and review their source if you plan to run code that will sign transactions.
- If you want to proceed: only allow the agent to use an isolated/test wallet, monitor payment requests, and test first with the free health endpoint (no payment) to validate connectivity.
If the developer cannot clarify the wallet requirement and chain ID inconsistencies, treat this skill as untrusted.
功能分析
Type: OpenClaw Skill
Name: aegis-security-hackathon
Version: 1.0.0
The skill bundle is benign, providing clear instructions for an AI agent to interact with a blockchain security API on a testnet. All network calls and package installations (`@x402/fetch`, `@x402/evm`) are directly related to the stated purpose of blockchain security scanning and its associated payment protocol. There is no evidence of prompt injection attempts, data exfiltration, malicious execution, persistence, or obfuscation across `_meta.json`, `SKILL.md`, and `package.json`.
能力评估
Purpose & Capability
Name, description, endpoints, and pricing align with a pay-per-request blockchain security API. Requiring x402 client libraries to perform pay-to-use calls is expected. However, the documentation expects the agent to provide an EVM wallet for payment signing (yourEvmWallet) but the skill declares no required credentials or env vars — this omission is surprising.
Instruction Scope
SKILL.md instructs the agent to call external API endpoints and to wrap fetch with a payment-enabled client. It does not tell the agent to read local files or secrets explicitly, but it implicitly assumes access to an EVM wallet capable of signing payments. There are also multiple inconsistent chain_id values in examples (metadata lists 84532; examples use 8453 and 1), which is confusing and could cause mistaken mainnet requests or mis-payment.
Install Mechanism
The skill is instruction-only (no install spec). It recommends npm packages (@x402/fetch, @x402/evm). That is a reasonable dependency for the stated x402 payment flow, but installing third‑party npm packages carries the usual supply‑chain risks — the skill does not include audited code or pin versions.
Credentials
No environment variables are declared, but the instructions require an EVM wallet object to sign payments (e.g., a private key or unlocked wallet). Requesting signing capability (private key or wallet access) is proportionate to paying for scans, but omitting this from requires.env and not warning the user is a transparency issue and increases risk of accidental secret exposure.
Persistence & Privilege
The skill does not request persistent installation, does not set always:true, and has no install scripts. It therefore does not demand elevated or permanent privileges on the agent platform.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install aegis-security-hackathon - 安装完成后,直接呼叫该 Skill 的名称或使用
/aegis-security-hackathon触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial testnet release of Aegis402 Shield Protocol as a blockchain security API for AI agents.
- Enables security scans for tokens and addresses, as well as transaction simulation, with pricing in Base Sepolia testnet USDC.
- Supports payment via x402 protocol; endpoints require payment proof before returning results.
- Key endpoints: check-token (honeypot/scam detection), check-address (reputation), simulate-tx (threat prediction and balance simulation).
- Compatible with multiple EVM chains, including Ethereum, Base, Polygon, Arbitrum, Optimism, and BSC.
- Includes developer instructions, response examples, and testnet faucet link for setup.
元数据
常见问题
Hackathon 是什么?
Blockchain security scanner for AI agents (testnet). Pay with Base Sepolia USDC via x402 protocol. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1322 次。
如何安装 Hackathon?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install aegis-security-hackathon」即可一键安装,无需额外配置。
Hackathon 是免费的吗?
是的,Hackathon 完全免费(开源免费),可自由下载、安装和使用。
Hackathon 支持哪些平台?
Hackathon 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Hackathon?
由 Roman(@swiftadviser)开发并维护,当前版本 v1.0.0。
推荐 Skills