← 返回 Skills 市场
fwangzil

Safeflow Sui Skill

作者 Togo · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
370
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install safe-flow-sui-skill
功能描述
Use when running SafeFlow against the shared Sui package with owner-assisted provisioning. Trigger for tasks such as creating an agent execution address with...
安全使用建议
What to check before installing or running this skill: - Understand the real effect: the scripts will call your local 'sui' CLI and operate on the local keystore (create addresses, switch active address, create session caps, and execute payments). Only run them if you (or the owner) fully control and trust the keys on that machine. - Packaging gap: the E2E test script expects an agent_scripts directory containing TypeScript runner code (create_intent.ts, e2e_runner.ts) which is not in the bundle. The publish-api test flow will fail unless you supply or inspect those scripts from a trusted source. - Network endpoints: the scripts contact known SafeFlow/Walrus endpoints and public faucets (producer.safeflow.space, dash.safeflow.space, walrus-testnet endpoints). Verify those domain names are the intended services before running against mainnet or trusting them with evidence uploads. - Secrets: the bundle does not request credentials, but you may be asked to pass --postgres-dsn or --api-key when running tests; these contain secrets and will be written into local env files if you use save_owner_config.sh. Do not paste secrets unless you trust the deployment and have reviewed agent_scripts. - Run in a safe environment first: test on a separate machine or testnet wallet with no funds or with testnet faucet funds. Review all scripts line-by-line (you have them) and ensure you are comfortable with the file writes and sui CLI calls. - Avoid autonomous execution: do not allow the skill to run unattended or autonomously execute these scripts, since they can make on-chain payments. Require manual owner approval for any run that will call execute_payment.sh or create session caps. If you need a safer assessment, provide the missing agent_scripts directory (create_intent.ts, e2e_runner.ts) or confirm the origin/trustworthiness of the producer/walrus endpoints and I can reassess with higher confidence.
功能分析
Type: OpenClaw Skill Name: safe-flow-sui-skill Version: 1.0.0 The skill bundle exhibits high-risk behavior by attempting to execute TypeScript files located outside of its own directory structure (specifically in `../../../../agent_scripts/` via `test_publish_api_flow.sh`), which relies on the host's filesystem state and could lead to unauthorized code execution. Additionally, `sync_package_id_to_sql.sh` performs manual SQL string interpolation for SQLite and Postgres, which is a vulnerable pattern, although it includes basic regex-based sanitization. The skill is designed for Sui blockchain operations and interacts with external endpoints at producer.safeflow.space and dash.safeflow.space.
能力评估
Purpose & Capability
Name/description align with the included scripts: they bootstrap an agent address, save owner-provided wallet/session IDs, sync a package id to SQL, run publish-api tests, and execute payments via the Sui CLI. However, the test_publish_api_flow.sh expects an external agent_scripts directory (npx tsx e2e_runner.ts / create_intent.ts) which is not present in the skill bundle — this is a packaging/inclusion mismatch that prevents the claimed E2E flow from running as-is.
Instruction Scope
The SKILL.md instructs the agent/operator to run included shell scripts that: create new Sui addresses (sui client new-address), switch the active address, create wallets/session caps via on-chain calls, and execute payments. Those actions operate on the user's local Sui keystore and can spend funds. The scripts also call external endpoints (producer.safeflow.space, dash.safeflow.space, walrus test endpoints, and public faucets). While these are coherent with the skill's purpose, they meaningfully affect local keys and funds and therefore should not be run without explicit owner approval. The instructions do not ask the agent to read unrelated system files, but they do create and read config/env files under the skill directory.
Install Mechanism
Instruction-only skill with no install spec; included scripts are plain shell files. No downloads or archive extraction are present in the bundle, so there is no installer-based risk in the registry metadata.
Credentials
The skill declares no required environment variables or primary credential. The scripts produce local config (.safeflow-config.json, .safeflow-owner.env, .agent-address.txt, .owner-handoff.json) and accept optional parameters such as --api-key or a Postgres DSN (which could contain credentials) from the operator when invoking the scripts. This is proportionate to running a test harness, but operators must be careful when supplying DSNs/API keys or placing secrets into the generated env file.
Persistence & Privilege
always:false and the skill writes only its own local artifacts under the skill directory by design. However, because the scripts can create addresses, switch active addresses, and execute payments using the local Sui keystore, allowing autonomous model invocation to run these scripts would expand attack surface; combine that with the ability to perform on-chain actions and the skill should not be permitted to run unattended without stronger controls.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install safe-flow-sui-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /safe-flow-sui-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of safe-flow-sui-skill for collaborative SafeFlow contract testing and owner-assisted agent set-up: - Provides scripts for agent-owner handoff, wallet/session configuration, and autonomous payment execution. - Supports end-to-end Publish API and Walrus integration tests. - Enables syncing of Sui package IDs with SQL databases (SQLite or Postgres). - Includes concise workflows and progressive disclosure references for setup, testing, and troubleshooting.
元数据
Slug safe-flow-sui-skill
版本 1.0.0
许可证
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Safeflow Sui Skill 是什么?

Use when running SafeFlow against the shared Sui package with owner-assisted provisioning. Trigger for tasks such as creating an agent execution address with... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 370 次。

如何安装 Safeflow Sui Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install safe-flow-sui-skill」即可一键安装,无需额外配置。

Safeflow Sui Skill 是免费的吗?

是的,Safeflow Sui Skill 完全免费(开源免费),可自由下载、安装和使用。

Safeflow Sui Skill 支持哪些平台?

Safeflow Sui Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Safeflow Sui Skill?

由 Togo(@fwangzil)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论