Total downloads: 89
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install shenmeng-defense-line
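Description
Security Defense Line (安全防线) - a comprehensive security protection and threat defense system. This skill is triggered when the user needs any of the following: (1) smart contract security auditing and vulnerability detection (2) wallet security checks and protection (3) transaction security verification and risk alerts (4) phishing site/scam detection (5) private key/mnemonic phrase security management (6) multi-signature wallet configuration and management (7) security incident response and emergency handling (8) security polic...
Security usage recommendations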
Do not run these scripts or give this skill real secrets until the developer clarifies and fixes the mismatches. Specific concerns to ask/require before installing: (1) remove the hard-coded BILLING API key from payment.py and use an environment variable as declared in _meta.json, or explain why the hard-coded key is safe; (2) update the manifest to list all required env vars (SKILLPAY_USER_ID, SKILLPAY_API_KEY if used, TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID) and explain what data is sent to external endpoints (skillpay.me and any others); (3) declare required external binaries (slither, mythril, aderyn, etc.) and document fallback behavior if they are missing; (4) provide the missing referenced script(s) (security_monitor.py) or remove references; (5) review and audit all network calls—the billing calls send a user_id to skillpay.me and the package will contact that external service; (6) prefer platform-native billing instead of a third-party API embedded in code; (7) run the code in an isolated sandbox and review logs/network traffic before using on production wallets. These inconsistencies could be sloppy engineering or intentional; treat the package as untrusted until the above are resolved.
Functional analysis
Type: OpenClaw Skill
Name: shenmeng-defense-line
Version: 1.0.0
The skill bundle contains a hardcoded API key (sk_f03aa8f8...) in payment.py, which is a significant security vulnerability. While the provided scripts for smart contract auditing and phishing detection (scripts/contract_auditor.py, scripts/phishing_detector.py) appear to be functional or educational mocks, the SKILL.md documentation references a missing script (scripts/security_monitor.py) and describes high-risk capabilities such as private key management and clipboard monitoring without providing robust security implementations. The combination of hardcoded credentials and high-privilege claims in the documentation warrants a suspicious classification.
Capability assessment
Purpose & Capability
Skill advertises comprehensive on-chain security tooling but the package does not declare required binaries (Slither/Mythril/etc.), required environment variables, or platform billing integration; code files expect external analysis tools and payment handling that are not represented in the manifest or SKILL metadata. Several referenced scripts (e.g., security_monitor.py) are mentioned in SKILL.md but are missing from the file manifest.
Instruction Scope
SKILL.md instructs the agent/user to run multiple scripts that perform network actions and call external tools. The documentation references environment variables (TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID) and a SkillPay flow, but the skill does not declare those env vars or clearly limit what data will be sent to external endpoints. The billing flow will send the provided user_id to an external billing service (skillpay.me).
Install Mechanism
There is no install spec (instruction-only at packaging level), which lowers automatic install risk, but the bundle includes many executable Python scripts that expect external third-party binaries. Because nothing is installed automatically, the primary risk is that a user or agent executing the scripts will run subprocesses or network calls not declared in the manifest.
Credentials
The package manifest (_meta.json) declares payment-related env names (SKILLPAY_API_KEY, SKILLPAY_USER_ID) but the code contradicts this: payment.py contains a hard-coded billing API key and does not read SKILLPAY_API_KEY. SKILL.md and example configs reference TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID but the skill does not require or declare them. Hard-coded secrets and undeclared env requirements are disproportionate and confusing.
Persistence & Privilege
The skill is not marked always:true, does not request platform-wide persistence, and does not declare modifications to other skills or agent configurations. Autonomous invocation remains possible (platform default) but is not combined with other high-privilege flags.
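How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install shenmeng-defense-line
- Once installation completes, call the Skill by name or use /shenmeng-defense-line to trigger it
- Provide the required input according to the Skill's parameter description to get structured output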
Version history
v1.0.0
Initial release of Security Defense Line, an all-in-one security and threat defense system for digital assets.
- Provides smart contract auditing, vulnerability scanning, and gas optimization.
- Offers wallet security checks including blacklist, entropy, and hardware wallet validation.
- Enables transaction risk analysis, phishing/scam detection, and multi-signature wallet management.
- Includes incident response, event monitoring, and automated alert systems.
- Features best practice guides and detailed security checklists.
- Integrated with the SkillPay payment system (0.01 USDT/call, BNB Chain).
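FAQ
What is Security Defense Line 安全防线?
Security Defense Line (安全防线) - a comprehensive security protection and threat defense system. This skill is triggered when the user needs any of the following: (1) smart contract security auditing and vulnerability detection (2) wallet security checks and protection (3) transaction security verification and risk alerts (4) phishing site/scam detection (5) private key/mnemonic phrase security management (6) multi-signature wallet configuration and management (7) security incident response and emergency handling (8) security polic... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 89 total downloads to date.
How do I install Security Defense Line 安全防线?
Run the command "/install shenmeng-defense-line" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.
Is Security Defense Line 安全防线 free?
Yes, Security Defense Line 安全防线 is completely free and is released under the MIT-0 license; it can be freely downloaded, installed, and used.
Which platforms does Security Defense Line 安全防线 support?
Security Defense Line 安全防线 is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Security Defense Line 安全防线?
It is developed and maintained by shenmeng (@shenmeng); the current version is v1.0.0.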