← 返回 Skills 市场
262
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install shll-run
功能描述
Execute DeFi transactions on BSC via SHLL AgentNFA. The AI handles all commands and users only need to chat.
安全使用建议
This skill is plausibly what it claims (an operator hot-wallet is needed to send transactions), but there are important warning signs you should resolve before installing or using it: 1) The registry metadata omits the required RUNNER_PRIVATE_KEY while the SKILL.md/README require it — demand that the registry entry be corrected or explained. 2) Never paste or store your main/private keys in plaintext; follow the README's advice to use a dedicated operator hot wallet with minimal BNB, and treat that wallet as disposable. 3) Avoid embedding the operator key into long-lived config files (Claude/Cursor JSON) — prefer ephemeral session injection or an in-memory agent secret, and delete any stored copies afterward. 4) Verify the npm package and GitHub repository (shll-skills) exist, inspect the package source, and confirm the PolicyGuard contract address on BscScan before trusting the system. 5) Prefer using a private RPC and audit any MCP/CLI binaries you run. If you cannot or will not inspect the npm package/repo and confirm the on-chain contracts, do not supply any private keys or install the skill.
功能分析
Type: OpenClaw Skill
Name: shll-run
Version: 6.0.4
The shll-run skill bundle provides a DeFi execution layer for AI agents on the BNB Chain, featuring a dual-wallet architecture and on-chain policy enforcement via a 'PolicyGuard' contract (0x25d17eA0e3Bcb8CA08a2BFE917E817AFc05dbBB3). The instructions in SKILL.md and README.md prioritize safety, requiring user confirmation for transactions and explicitly warning against using primary wallets for the operator key. No indicators of data exfiltration, malicious execution, or harmful prompt injection were found.
能力评估
Purpose & Capability
The stated purpose (execute policy-limited DeFi actions on BSC) legitimately requires an operator key and RPC endpoint; that part is coherent. However the registry metadata lists no required env vars while SKILL.md/README require RUNNER_PRIVATE_KEY (operator private key) and optionally SHLL_RPC — this metadata mismatch is inconsistent and reduces trust.
Instruction Scope
SKILL.md and README explicitly instruct putting RUNNER_PRIVATE_KEY into agent config files (e.g., Claude desktop JSON, Cursor mcp.json) and say the AI should set RUNNER_PRIVATE_KEY for sessions automatically. That directs agents/users to store and expose a private key in plaintext and instructs the agent to access/modify local agent config paths — scope creep that increases risk of key leakage or accidental persistent storage.
Install Mechanism
The skill is instruction-only in the registry (no install spec), but SKILL.md recommends installing the npm package (npm install -g shll-skills). Using npm is standard and the SKILL.md cites the public npm registry and a GitHub repo. Because the registry entry provides no install script while the documentation references an external npm package, you should verify the published npm package and repo before installing.
Credentials
Requesting an operator private key is proportionate to executing signed on-chain transactions. However the README/SKILL.md's advice to embed the key in desktop or project config files and to have the agent set the env var automatically increases exposure. Also the registry metadata failing to declare RUNNER_PRIVATE_KEY is a red flag — the skill requests sensitive credentials but the registry record does not advertise them.
Persistence & Privilege
The skill does not request 'always:true' and allows autonomous invocation (normal), but its instructions encourage writing sensitive keys into long-lived agent config files (Claude/Cursor), which grants persistent local exposure. It also encourages running an MCP server process configured with the private key, which if misconfigured could persist the key on disk or in logs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install shll-run - 安装完成后,直接呼叫该 Skill 的名称或使用
/shll-run触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v6.0.4
Add on-chain enforcement evidence to policy rejection output; enhance SKILL.md with product overview, security architecture diagram, and 4-policy stack documentation
元数据
常见问题
SHLL Safe Execution 是什么?
Execute DeFi transactions on BSC via SHLL AgentNFA. The AI handles all commands and users only need to chat. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 262 次。
如何安装 SHLL Safe Execution?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install shll-run」即可一键安装,无需额外配置。
SHLL Safe Execution 是免费的吗?
是的,SHLL Safe Execution 完全免费(开源免费),可自由下载、安装和使用。
SHLL Safe Execution 支持哪些平台?
SHLL Safe Execution 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 SHLL Safe Execution?
由 kledx(@kledx)开发并维护,当前版本 v6.0.4。
推荐 Skills