shaniidev

Lance

Author: Emperor Prime · GitHub · v0.0.1
cross-platform ✓ Security check passed
382 total downloads · 0 favorites · 2 current installs · 1 version
Install in OpenClaw: /install lance
Description
Web3 bug bounty and protocol security agent for evidence-backed vulnerability discovery and reporting. Use when auditing smart contracts, DeFi protocols, wal...
Usage (SKILL.md)

Lance: Web3 Vulnerability Hunter

Operate as a strict Web3 security researcher. Prioritize reportable, economically meaningful vulnerabilities over speculative notes.

Core Principle

One accepted, reproducible high-signal Web3 finding is worth more than twenty theoretical findings.

For every accepted finding, require:

  1. attacker-controlled entry point
  2. deterministic exploit path
  3. realistic capital/prerequisite model
  4. concrete impact (fund loss, lock, unauthorized control, or protocol integrity failure)
  5. reproducible evidence

Scope and Authorization Gate

Before technical work, confirm the target is in scope:

  • bug bounty scope file
  • explicit written permission
  • owned/internal system

If scope is unclear, stop and ask for scope confirmation.

Lance 7-Gate Workflow

G0: Scope Gate

  • Validate authorization and exact target boundaries.
  • Parse scope docs with scripts/parse_web3_scope.py when provided.

G1: Intake Gate

  • Normalize target format with scripts/normalize_targets.py.
  • Target types:
    • on-chain addresses / scope file
    • local Solidity/Foundry/Hardhat repo
    • Sui package/module
    • multi-contract protocol set

G2: Detection Gate

  • Run structured detection playbooks from references/vulnerabilities/.
  • Use chain-specific guidance:
    • EVM: references/chains/evm.md
    • Sui Move: references/chains/sui-move.md
    • Bridges: references/chains/cross-chain-bridge.md

G3: Exploitability Gate

  • Use references/exploit-validation.md.
  • Build exact attacker path and state transitions.
  • Findings remain Theoretical until technical evidence is sufficient.

G4: Economic Gate

  • Use references/economic-validation.md.
  • Validate liquidity, slippage, capital, timing, and profitability.
  • Downgrade or discard non-rational attacks.

G5: False-Positive Gate

  • Use references/false-positive-elimination.md.
  • Attempt to reject every candidate finding before acceptance.

G6: Triage and Reporting Gate

  • Simulate triage with references/triage-simulation.md.
  • Generate platform-specific reports using:
    • scripts/generate_web3_report.py
    • references/platforms/*.md

Priority Coverage

Audit in this order for best signal:

| Priority | Class | Reference |
|---|---|---|
| 1 | Access control and privilege bypass | references/vulnerabilities/access-control.md |
| 2 | Reentrancy and callback abuse | references/vulnerabilities/reentrancy.md |
| 3 | Flash loan + oracle manipulation | references/vulnerabilities/flash-loan-manipulation.md, references/vulnerabilities/oracle-manipulation.md |
| 4 | Signature replay and permit abuse | references/vulnerabilities/signature-replay.md |
| 5 | Upgradeability and storage collision | references/vulnerabilities/upgradeability-storage-collision.md |
| 6 | Bridge and cross-chain replay | references/vulnerabilities/bridge-replay.md |
| 7 | Accounting invariant breaks (vault/AMM/lending) | references/vulnerabilities/accounting-invariant-break.md, references/vulnerabilities/vault-share-inflation.md, references/vulnerabilities/amm-invariant-violation.md |
| 8 | Governance manipulation | references/vulnerabilities/governance-flash-loan.md |
| 9 | Move capability/object bugs | references/vulnerabilities/move-capability-abuse.md, references/vulnerabilities/move-shared-object-race.md |
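The vault-share-inflation class in priority 7 shows concretely what G3 (exact state transitions) and G4 (is the attack actually profitable?) demand of a finding. The simulation below is an added example, not code from Lance or its references: it models a minimal ERC-4626-style vault with constructed amounts, walks the first-depositor donation attack step by step, and repeats it against the virtual shares/assets offset that OpenZeppelin's ERC4626 uses (`_decimalsOffset`). The `Vault` class, `run_attack`, and the deposit and donation sizes are assumptions for illustration; integer arithmetic mirrors Solidity's floor division.

```python
"""Vault share inflation (first-depositor / donation attack), simulated off-chain.

Added example with constructed numbers. Integer arithmetic mirrors uint256
behaviour: floor division, no fractional shares.
"""

WAD = 10**18  # 18-decimal token unit


class Vault:
    """Minimal ERC-4626-style vault.

    hardened=False: naive pricing, shares = assets * totalSupply / totalAssets.
    hardened=True:  OpenZeppelin-style virtual offset, pricing against
                    (totalSupply + 10**offset) / (totalAssets + 1).
    """

    def __init__(self, hardened=False, offset=6):
        self.total_assets = 0
        self.total_shares = 0
        self.balances = {}
        self.hardened = hardened
        self.virtual_shares = 10**offset if hardened else 0

    def to_shares(self, assets):
        if self.hardened:
            return assets * (self.total_shares + self.virtual_shares) // (self.total_assets + 1)
        if self.total_shares == 0:
            return assets
        return assets * self.total_shares // self.total_assets

    def to_assets(self, shares):
        if self.hardened:
            return shares * (self.total_assets + 1) // (self.total_shares + self.virtual_shares)
        if self.total_shares == 0:
            return 0
        return shares * self.total_assets // self.total_shares

    def deposit(self, who, assets):
        shares = self.to_shares(assets)
        # The naive vault happily mints 0 shares; the depositor's assets are then
        # owned by existing holders. (A bare zero-share revert only turns theft into DoS.)
        self.total_assets += assets
        self.total_shares += shares
        self.balances[who] = self.balances.get(who, 0) + shares
        return shares

    def donate(self, assets):
        """Direct ERC-20 transfer to the vault: totalAssets rises, no shares are minted."""
        self.total_assets += assets

    def redeem(self, who, shares):
        assets = self.to_assets(shares)
        self.balances[who] -= shares
        self.total_shares -= shares
        self.total_assets -= assets
        return assets


def run_attack(vault, donation, victim_deposit):
    """G3/G4 walk-through: exact state transitions, then who gained what.

    attacker_profit <= 0 means the Economic Gate should downgrade or discard it.
    """
    attacker_cost = 1 + donation
    att_shares = vault.deposit("attacker", 1)          # 1 wei first deposit
    vault.donate(donation)                              # inflate price per share
    victim_shares = vault.deposit("victim", victim_deposit)
    attacker_received = vault.redeem("attacker", att_shares)
    victim_recovered = vault.redeem("victim", victim_shares)
    return {
        "victim_shares": victim_shares,
        "victim_recovered": victim_recovered,
        "attacker_profit": attacker_received - attacker_cost,
    }


# Constructed scenario: 10,000-token donation front-running a 9,000-token deposit.
DONATION = 10_000 * WAD
VICTIM_DEPOSIT = 9_000 * WAD

if __name__ == "__main__":
    for hardened in (False, True):
        r = run_attack(Vault(hardened=hardened), DONATION, VICTIM_DEPOSIT)
        label = "hardened (virtual offset)" if hardened else "naive"
        print(f"{label:26s} victim_shares={r['victim_shares']:>8} "
              f"victim_recovered={r['victim_recovered'] / WAD:>12.6f} "
              f"attacker_profit={r['attacker_profit'] / WAD:>12.6f}")
```

In the naive vault the victim's deposit rounds to zero shares and the attacker walks away with exactly the victim's deposit as profit, so the finding has a deterministic path and a concrete loss. With the virtual offset the same donation leaves the attacker several thousand tokens down and the victim whole to within rounding, which is the kind of result the Economic Gate uses to discard a candidate rather than report it.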

Wallet and Auth Context

For wallet connect/signature flows, treat:

  • wallet UI prompt as a security boundary
  • dApp identity/origin as authorization context

Use references/wallet-trust-boundary.md for these cases.

Hard Rules

  • Do not report speculative attack paths.
  • Do not report "malicious admin" scenarios as vulnerabilities unless privilege escalation is possible.
  • Do not report gas/style/quality findings without security impact.
  • Do not claim Confirmed without evidence.
  • Do not inflate severity without quantified impact.
  • Do not skip economic feasibility checks for market-dependent attacks.
  • If no finding passes all gates, output:
    • No exploitable on-chain vulnerabilities identified.

Finding Output Format

Use this schema for each surfaced finding:

Title:
Severity: [Critical/High/Medium/Low]
Confidence: [Confirmed/Probable/Theoretical]
Target:
Chain/Environment:
Affected Component(s):
Attack Prerequisites:
Exploit Path:
Expected vs Actual State Change:
Economic Feasibility:
Impact:
Evidence:
Suggested Verification:
Recommended Fix:
Triage Readiness: [Accepted / Needs More Evidence / Reject]
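The Hard Rules and the schema above can be enforced mechanically before any report is generated. The following is an added Python example and not Lance's own scripts/scoring_engine.py or scripts/triage_simulator.py: it treats each finding as a dict keyed by the schema's field names, plus a few assumed flags that the page's schema does not define (`malicious_admin_scenario`, `privilege_escalation`, `market_dependent`, `category`, `security_impact`), and derives the Triage Readiness value. The sample findings are constructed for illustration.

```python
"""Triage readiness check for findings in the Lance output schema.

Added example. Keys mirror the Finding Output Format; the extra boolean flags
and the sample findings are assumptions made for this illustration.
"""

import re

SEVERITIES = ("Critical", "High", "Medium", "Low")
CONFIDENCES = ("Confirmed", "Probable", "Theoretical")
REQUIRED = ("Title", "Severity", "Confidence", "Target", "Affected Component(s)",
            "Attack Prerequisites", "Exploit Path", "Impact")
NO_FINDINGS = "No exploitable on-chain vulnerabilities identified."

# A quantified impact names an amount with a unit: "1,200 ETH", "$3.4M", "12% of TVL".
QUANTIFIED = re.compile(
    r"\$\s?\d|\d[\d,._]*(?:e\d+)?\s*(?:(?:ETH|USDC|USDT|DAI|SUI|wei|M|k)\b|%)", re.I)


def _blank(f, key):
    return not str(f.get(key, "")).strip()


def triage(f):
    """Apply the Hard Rules to one finding dict.

    Returns (readiness, reasons), readiness in
    {'Accepted', 'Needs More Evidence', 'Reject'}.
    """
    reject = []
    missing = [k for k in REQUIRED if _blank(f, k)]
    if missing:
        reject.append("missing required fields: " + ", ".join(missing))
    if f.get("Severity") not in SEVERITIES or f.get("Confidence") not in CONFIDENCES:
        reject.append("Severity/Confidence outside the allowed values")
    if f.get("malicious_admin_scenario") and not f.get("privilege_escalation"):
        reject.append("malicious-admin scenario with no privilege escalation")
    if f.get("category") in ("gas", "style", "quality") and not f.get("security_impact"):
        reject.append("gas/style/quality finding without security impact")
    if reject:
        return "Reject", reject

    needs = []
    if f["Confidence"] == "Theoretical":
        needs.append("Theoretical findings are speculative; build the exploit path first")
    if f["Confidence"] == "Confirmed" and _blank(f, "Evidence"):
        needs.append("Confirmed claimed without Evidence")
    if f["Severity"] in ("Critical", "High") and not QUANTIFIED.search(f["Impact"]):
        needs.append("Critical/High severity without quantified impact")
    if f.get("market_dependent") and _blank(f, "Economic Feasibility"):
        needs.append("market-dependent attack without economic feasibility check")
    if needs:
        return "Needs More Evidence", needs
    return "Accepted", []


def report(findings):
    """Titles of accepted findings, or the mandated sentinel when nothing passes."""
    accepted = [f["Title"] for f in findings if triage(f)[0] == "Accepted"]
    return accepted or NO_FINDINGS


def _finding(fields):
    base = {
        "Title": "", "Severity": "High", "Confidence": "Probable",
        "Target": "0x0000000000000000000000000000000000000000 (constructed placeholder)",
        "Chain/Environment": "EVM, local Foundry fork",
        "Affected Component(s)": "", "Attack Prerequisites": "any EOA with gas",
        "Exploit Path": "", "Economic Feasibility": "", "Impact": "", "Evidence": "",
    }
    base.update(fields)
    return base


SAMPLE_FINDINGS = [  # constructed for illustration, not real findings
    _finding({"Title": "Reentrant withdraw() drains vault", "Confidence": "Confirmed",
              "Affected Component(s)": "Vault.withdraw",
              "Exploit Path": "deposit -> withdraw -> receive() re-enters before balance update",
              "Economic Feasibility": "no market dependency; ~0.05 ETH gas",
              "Impact": "drains 1,200 ETH of user deposits",
              "Evidence": "forge test trace + fork tx hashes"}),
    _finding({"Title": "release() locks escrow forever", "Severity": "Medium",
              "Confidence": "Confirmed", "Affected Component(s)": "Escrow.release",
              "Exploit Path": "call release() with zero recipient",
              "Impact": "permanent lock of user funds"}),          # Confirmed, no Evidence
    _finding({"Title": "Owner can set fee to 100%", "Affected Component(s)": "Fees.setFee",
              "Exploit Path": "owner calls setFee(10000)",
              "Impact": "owner takes all deposits",
              "malicious_admin_scenario": True, "privilege_escalation": False}),
    _finding({"Title": "Spot-price oracle manipulation", "Affected Component(s)": "Lender.borrow",
              "Exploit Path": "flash loan -> skew pool -> borrow against inflated collateral",
              "Impact": "$3.4M bad debt", "market_dependent": True}),  # no economic model
]

if __name__ == "__main__":
    for f in SAMPLE_FINDINGS:
        readiness, reasons = triage(f)
        print(f"{readiness:20s} {f['Title']}  {'; '.join(reasons)}")
    print(report(SAMPLE_FINDINGS))
```

Wiring a check like this in front of scripts/generate_web3_report.py means a finding that claims Confirmed without evidence, or High severity without a number attached, cannot reach the report, and an empty accepted list yields exactly the sentinel sentence the Hard Rules prescribe.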

Navigation

| Need | File |
|---|---|
| Full pipeline | references/workflow.md |
| Reporting filters | references/audit-rules.md |
| Technical exploit checks | references/exploit-validation.md |
| Economic/profitability checks | references/economic-validation.md |
| FP elimination | references/false-positive-elimination.md |
| Severity mapping | references/severity-guide-web3.md |
| Triage simulation | references/triage-simulation.md |
| Wallet trust boundary | references/wallet-trust-boundary.md |
| Platform report style | references/platforms/*.md |
| Finding schema/template | assets/templates/finding.schema.json |
| Scope parsing | scripts/parse_web3_scope.py |
| Target normalization | scripts/normalize_targets.py |
| Scoring | scripts/scoring_engine.py |
| Invariant output adapter | scripts/invariant_output_adapter.py |
| Report generation | scripts/generate_web3_report.py |
| Triage simulator | scripts/triage_simulator.py |
Safe Usage Recommendations
Lance appears to be a coherent local auditing/reporting toolkit: it parses scope files, normalizes targets, adapts scanner outputs, simulates triage, and generates platform-specific reports. Before installing or invoking it:

  1. Only run it against targets you explicitly own or have written permission to test (the SKILL.md enforces a scope gate).
  2. The scripts read local files (scope docs, repo paths, finding JSON); do not supply private keys, RPC credentials, or other secrets as input.
  3. Because agents are allowed implicit invocation, check your agent prompts/permissions so the skill isn't invoked on unintended data.
  4. If you plan to run the Python scripts, review them locally and run them in an isolated environment (virtualenv/container) to keep scope-limited operations separated from sensitive host files.

Overall the package is consistent with its stated purpose and contains no obvious hidden network endpoints, credential exfiltration, or unusual install steps.
Functional Analysis
Type: OpenClaw Skill
Name: lance
Version: 0.0.1

The OpenClaw AgentSkills skill bundle 'Lance' is designed for Web3 bug bounty and protocol security auditing. All code and documentation consistently reinforce a strict, evidence-based workflow focused on identifying reportable, economically feasible vulnerabilities while minimizing false positives. The Python scripts (`scripts/*.py`) are local data processing tools for parsing scope, normalizing targets, adapting scanner output, scoring findings, simulating triage, and generating reports, without any external network calls or dangerous system commands. The `SKILL.md`, `README.md`, and `references/*.md` files contain detailed instructions for the AI agent that guide it towards ethical and rigorous security research, explicitly rejecting speculative or out-of-scope findings, and show no evidence of prompt injection for malicious purposes.
Capability Assessment
Purpose & Capability
The name/description (Web3 bug bounty and protocol security) matches the included artifacts: gating workflow docs, vulnerability playbooks, report templates, and helper scripts (scope parsing, target normalization, report generation, triage simulation, adapter). No unrelated dependencies or environment variables are requested.
Instruction Scope
SKILL.md defines a tight 7-gate auditing workflow and references the shipped scripts and reference docs. The instructions only reference local files (scope files, repo paths, finding JSON) and the shipped scripts; they do not instruct the agent to read unrelated host secrets, call hidden external endpoints, or exfiltrate data. The skill also explicitly requires scope authorization before testing, which is appropriate.
Install Mechanism
This is instruction-plus-scripts with no install spec; scripts are plain Python files that operate on local files/JSON and produce reports. No download-from-URL or binary install steps are present, which minimizes supply-chain risk.
Credentials
No required environment variables, credentials, or config paths are declared. The scripts operate on user-provided files (scope, targets, findings) and do not require secrets. There are no unrelated or excessive credential requests.
Persistence & Privilege
The skill does not set always: true and does not request system-wide configuration changes. Agent interface files set allow_implicit_invocation: true for several agents (enable implicit/autonomous invocation). This is expected for skills intended for on-demand auditing, but be aware implicit invocation allows agents to call the skill when they think it's helpful—review prompts and scope authorization to avoid accidental use on unauthorized targets.
How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Enter the install command in the chat box: /install lance
  3. After installation, call the Skill by name directly or trigger it with /lance.
  4. Provide the required inputs according to the Skill's parameter description to receive structured output.
Version History
v0.0.1
Initial release of Lance: a Web3 bug bounty and protocol security agent focused on high-confidence, economically meaningful vulnerability discovery and reporting.
  • Implements a strict 7-gate workflow covering scope authorization, intake, detection, exploitability, economic feasibility, false-positive elimination, and triage/reporting steps.
  • Prioritizes reproducible, evidence-backed exploits over theoretical findings.
  • Targets comprehensive Web3 audit coverage: smart contracts, DeFi protocols, EVM bytecode, Solidity/Sui Move packages, wallet/signature flows, and bridges.
  • Includes built-in reporting standards, finding schema, and references for technical and economic exploit validation.
  • Outputs only findings that pass exploit, economic, and triage gates; non-exploitable targets are explicitly reported as safe.
Metadata
Slug: lance
Version: 0.0.1
License:
Total installs: 2
Current installs: 2
Version count: 1
FAQ

What is Lance?

Web3 bug bounty and protocol security agent for evidence-backed vulnerability discovery and reporting. Use when auditing smart contracts, DeFi protocols, wal... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 382 cumulative downloads to date.

How do I install Lance?

Run the command "/install lance" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Lance free?

Yes, Lance is completely free (open source) and can be freely downloaded, installed and used.

Which platforms does Lance support?

Lance runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Lance?

Developed and maintained by Emperor Prime (@shaniidev); current version v0.0.1.
