← 返回 Skills 市场
714
总下载
0
收藏
0
当前安装
69
版本数
在 OpenClaw 中安装
/install shenmeng-security-defense-line
功能描述
安全防线 - 全方位安全防护与威胁防御系统。 当用户需要以下功能时触发此skill: (1) 智能合约安全审计与漏洞检测 (2) 钱包安全检测与防护 (3) 交易安全验证与风险预警 (4) 钓鱼网站/诈骗检测 (5) 私钥/助记词安全管理 (6) 多签钱包配置与管理 (7) 安全事件响应与应急处理 (8) 安全策...
安全使用建议
This skill appears to implement the security features it advertises, but there are several red flags you should consider before installing or running it:
- Hardcoded billing credential: payment.py contains a cleartext BILLING_API_KEY and calls https://skillpay.me. Hardcoded keys are insecure and could allow unexpected charges or leak sensitive billing access. Ask the author to remove the embedded key and require a runtime environment variable instead.
- Undeclared environment secrets: SKILL.md and code reference TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, and SKILLPAY_USER_ID but the skill metadata lists no required env vars. Running the skill may prompt you to provide these secrets or try to operate without them.
- External binaries and network access: scripts expect to call tools like Slither/Mythril and will reach external endpoints. Ensure those binaries are installed from trusted sources, and run the skill in an isolated environment (container/VM) first.
- Long‑running and local monitoring behavior: the monitor and phishing scripts can run as daemons, open a web dashboard, and watch the clipboard. Only run this code in an environment where you permit network egress and local input monitoring; do not run on a machine holding real private keys.
- Billing and payment flow: the skill enforces a payment check at startup (require_payment) and may attempt to charge a user id it finds in the environment. Verify the billing provider (skillpay.me) and the legal/financial implications before using.
Recommended actions before use:
- Request the author to remove embedded API keys and to document required env vars explicitly.
- Review all scripts fully (especially omitted/truncated parts) for any outbound network calls or data exfiltration paths.
- Run the skill in a sandbox (container or ephemeral VM) with no access to your private keys or sensitive files; restrict network egress if possible and inspect outbound traffic.
- If you need only audit functionality, consider using well‑known, audited tools (Slither/Mythril/OpenZeppelin) directly rather than an unvetted bundle.
If you provide the full remaining files (truncated parts) or confirm the intended billing workflow and env var list, I can raise or lower the confidence of this assessment.
能力标签
能力评估
Purpose & Capability
The code files implement the stated features (contract auditor, phishing detector, tx validator, multisig manager, incident responder, monitor). However the SKILL metadata and SKILL.md do not declare required binaries (Slither/Mythril) or several environment variables and credentials that the scripts reference in examples (e.g., TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, SKILLPAY_USER_ID). The presence of an embedded billing API key in payment.py and a billing configuration in _meta.json conflicts with the declared 'Required env vars: none'.
Instruction Scope
SKILL.md instructs running multiple scripts including long‑running monitoring (security_monitor.py --daemon, --dashboard --port 8080) and a clipboard watch / auto-block mode for phishing_detector. Those runtime behaviors can read local state (clipboard), open network ports, and push alerts externally (Telegram). The SKILL.md config examples reference secrets (Telegram tokens) that are not declared. The instructions also imply the use of external analysis binaries (slither/mythril/aderyn) which are invoked by scripts but not listed as required.
Install Mechanism
There is no install spec (instruction-only), which normally reduces risk, but the bundle includes executable Python scripts that will be run in the agent environment. No third‑party package downloads are declared, but the scripts call external programs (slither/mythril) and external endpoints (skillpay.me). Because code is present and executed ad‑hoc, absence of an install spec is not equivalent to 'no install risk'.
Credentials
The package manifest (_meta.json) indicates billing and expects SKILLPAY_API_KEY / SKILLPAY_USER_ID, yet the skill manifest reported 'Required env vars: none' — a mismatch. payment.py hardcodes a sensitive BILLING_API_KEY inside source code (cleartext secret), and verify_payment() reads SKILLPAY_USER_ID from environment. SKILL.md examples also reference TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID but these are not declared in requirements. These undeclared or embedded credentials are disproportionate and risky.
Persistence & Privilege
The skill is not force-installed (always:false) and allows normal autonomous invocation. However the scripts support daemon mode, a web dashboard, and an alerting pipeline (Telegram/email). If run, the skill can create a persistent process, open network endpoints, and send data externally. That persistence capability combined with the billing integration and hardcoded API key increases the impact if abused.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install shenmeng-security-defense-line - 安装完成后,直接呼叫该 Skill 的名称或使用
/shenmeng-security-defense-line触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2025.4.15
No changes were detected in this version.
- No updates to code or documentation.
- Functionality remains the same as the previous release.
v4.15.0
No file changes were detected in this version.
- No updates, fixes, or new features are included in version 4.15.0.
- The SKILL.md documentation remains unchanged.
v2026.4.14
Version 2026.4.14
- No changes were made in this version; contents remain the same as the previous release.
v101.0.0
Version 101.0.0
- No functional or documentation changes; content remains identical to the previous version.
- This release does not modify any files or configurations.
v2025.4.14
No changes detected in this version.
- No file or documentation changes were found for version 2025.4.14.
- All features and usage remain identical to the previous release.
v12.0.0
Version 12.0.0
- No file changes detected in this release.
- All features, documentation, and workflow remain the same as the previous version.
v1.3.0
Version 1.3.0 of shenmeng-security-defense-line
- No file changes detected in this release.
- Documentation and feature descriptions remain unchanged.
v1.0.2000000000
No functional or content changes detected in this version.
- No file or documentation changes found.
- Version update only; all features and documentation remain unchanged.
v1.0.1776047104
- No file changes detected in this version.
- Functionality and documentation remain unchanged from the previous release.
v2026.4.13-1
No changes in this version.
- The current version does not contain any file changes from the previous release.
v2025.4.13
Version 2025.4.13
- No file changes detected in this release.
- All features, workflows, and documentation remain unchanged.
v2026.4.13
No changes detected in this version.
- This skill version does not introduce any updates or modifications.
- No file or documentation changes found compared to the previous version.
v2025.4.12
Version 2025.4.12
- No file or content changes detected in this update.
- All features, workflows, and documentation remain unchanged from the previous version.
v1000001.0.0
- Initial release of the security-defense-line skill.
- Provides a comprehensive security and threat defense system for digital assets, including contract auditing, wallet safety, transaction validation, phishing detection, key/mnemonic management, multisig wallet management, incident response, and compliance strategy.
- Integrated with SkillPay for paid secure service access.
- Detailed usage workflow, configuration examples, script instructions, and best practices documentation included.
v1.9.0
Version 1.9.0 of shenmeng-security-defense-line
- No file changes detected in this version.
- No visible feature, workflow, or documentation updates.
v2025.4.11
shenmeng-security-defense-line 2025.4.11
- No code or documentation changes detected in this version.
- All features, instructions, and best practices remain unchanged.
v2024.1.0
Version 2024.1.0
- No file or documentation changes detected in this version.
- No feature, configuration, or workflow updates.
v2025.1.0
Version 2025.1.0
- No file changes detected; content and functionality remain the same as the previous version.
- No new features, bug fixes, or documentation updates in this release.
- This version maintains all current security audit, wallet protection, transaction verification, and response capabilities.
v2025.0.0
No changes detected in this version.
- No file changes were made compared to the previous version.
- All features, instructions, and documentation remain unchanged.
v1.2025.411
No user-facing changes detected in this version.
- No modifications or additions to SKILL.md.
- No source or configuration file changes.
- All functionality and documentation remain the same as the previous release.
元数据
常见问题
Security Defense Line 安全防线 是什么?
安全防线 - 全方位安全防护与威胁防御系统。 当用户需要以下功能时触发此skill: (1) 智能合约安全审计与漏洞检测 (2) 钱包安全检测与防护 (3) 交易安全验证与风险预警 (4) 钓鱼网站/诈骗检测 (5) 私钥/助记词安全管理 (6) 多签钱包配置与管理 (7) 安全事件响应与应急处理 (8) 安全策... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 714 次。
如何安装 Security Defense Line 安全防线?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install shenmeng-security-defense-line」即可一键安装,无需额外配置。
Security Defense Line 安全防线 是免费的吗?
是的,Security Defense Line 安全防线 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Security Defense Line 安全防线 支持哪些平台?
Security Defense Line 安全防线 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Security Defense Line 安全防线?
由 shenmeng(@shenmeng)开发并维护,当前版本 v2025.4.15。
推荐 Skills