← 返回 Skills 市场
Sui Sec
作者
k66 (Lana Chen)
· GitHub ↗
· v1.0.1
1117
总下载
2
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install suisec
功能描述
Sui Secure - Pre-simulate transactions via sui client call --dry-run and sui client ptb --dry-run, compare results against user intent to detect malicious contract behavior. Only execute if intent matches; block otherwise.
安全使用建议
This tool is generally coherent with its stated purpose, but do not install or wire it into an automated signing/execution pipeline without manual safeguards. Specific actions you should take before using it:
- Verify the correct CLI usage: main.py expects three args in this order: '<ptb_command>' <intended_cost> <owner_address>. Fix SKILL.md or adapt your wrapper so the script is invoked correctly.
- Ensure the agent always prompts the human for the owner address and explicit confirmation before removing '--dry-run' and executing any real transaction.
- Review and augment the audit logic (objectChanges parsing and edge cases) — current detection is simplistic and may miss sophisticated attacks.
- Test on harmless transactions (local/devnet) to confirm outputs and failure modes.
- Prefer manual human review on any BLOCKING or ambiguous results; do not rely solely on automated 'SAFE TO SIGN' messaging.
If you want higher assurance, request an updated skill that corrects the usage examples, documents the expected arguments clearly, and expands detection coverage for object ownership changes and multi-hop/proxy calls.
功能分析
Type: OpenClaw Skill
Name: suisec
Version: 1.0.1
The skill is classified as suspicious due to a potential prompt injection vulnerability against the AI agent and an incomplete security feature. The `SKILL.md` instructs the agent to construct and modify `sui client` commands based on user input (e.g., removing `--dry-run` for final execution), which could be exploited if the agent's parsing logic is not robust. Additionally, the `main.py` script's 'HIJACK' detection logic is noted as incomplete, potentially leading to a false sense of security. While `main.py` itself uses `shlex.split` and `subprocess.run(..., shell=False)` to prevent shell injection within the Python script, the agent's interaction with the skill's instructions and user input presents a vulnerability.
能力评估
Purpose & Capability
Name/description, required binaries (sui, python3) and the brew install for the sui CLI are coherent with a pre-simulation auditor for Sui transactions. However, some examples in SKILL.md (invocation forms) do not match main.py's expected arguments (main.py requires: '<ptb_command>' <intended_cost> <owner_address>), which is an inconsistency between the declared usage and actual code.
Instruction Scope
SKILL.md instructs agents to always dry-run and to only execute real transactions when the audit passes. The Python code does perform a dry-run and exits non-zero on problems, but SKILL.md examples and the example invocation ordering are inconsistent with how main.py parses args. The SKILL.md sometimes suggests automated removal of '--dry-run' and executing the real transaction — that would be an agent-level action outside the script and is potentially dangerous if not gated by explicit, well-documented human confirmation. The audit logic in main.py is simplistic (only basic balanceChanges inspection and a placeholder for objectChanges) and may miss complex attacks; the instructions offer manual fallback checks which are appropriate but the automation claims may give false assurance.
Install Mechanism
Install uses Homebrew to provide the 'sui' binary (a common distribution method). There are no downloads from untrusted URLs, no extract/install of arbitrary archives, and the included setup.sh only checks for the sui binary. Low install risk.
Credentials
The skill requests no environment variables or secrets and the code does not access them. However, calling the local 'sui' CLI will necessarily interact with the user's local Sui configuration and wallets (local keys), so users should be aware the tool inspects simulated outputs derived from their configured account. The skill does not require unrelated credentials.
Persistence & Privilege
The skill is not marked always:true and does not modify system or other-skill configuration. main.py does not write persistent data or install services. Agent autonomous invocation is allowed by default (disable-model-invocation is false) but that is the platform default and not by itself a red flag here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install suisec - 安装完成后,直接呼叫该 Skill 的名称或使用
/suisec触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- No code or documentation changes in this release.
- Version bump only; content and behavior remain the same as previous version.
v1.0.0
Initial release of Sui Secure (suisec) transaction guard for Sui.
- Adds comprehensive protocol for simulating transactions via `sui client call --dry-run` and `sui client ptb --dry-run`
- Collects and verifies user transaction intent against dry-run results to detect malicious contract behavior
- Integrates an automated auditing script (`main.py`) for `sui client ptb` commands, enforcing outcome-based allow/block rules
- Blocks suspicious transactions and requires explicit user override on threat detection, presenting clear, itemized risk summaries
- Manual analysis and comparison workflow defined for commands not yet supported by the auditor
- Enforces strict, always-dry-run, intent-matching execution policy for Sui transactions
元数据
常见问题
Sui Sec 是什么?
Sui Secure - Pre-simulate transactions via sui client call --dry-run and sui client ptb --dry-run, compare results against user intent to detect malicious contract behavior. Only execute if intent matches; block otherwise. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1117 次。
如何安装 Sui Sec?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install suisec」即可一键安装,无需额外配置。
Sui Sec 是免费的吗?
是的,Sui Sec 完全免费(开源免费),可自由下载、安装和使用。
Sui Sec 支持哪些平台?
Sui Sec 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Sui Sec?
由 k66 (Lana Chen)(@k66inthesky)开发并维护,当前版本 v1.0.1。
推荐 Skills