← Back to Skills Marketplace
370
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install safe-flow-sui-skill
Description
Use when running SafeFlow against the shared Sui package with owner-assisted provisioning. Trigger for tasks such as creating an agent execution address with...
Usage Guidance
What to check before installing or running this skill:
- Understand the real effect: the scripts will call your local 'sui' CLI and operate on the local keystore (create addresses, switch active address, create session caps, and execute payments). Only run them if you (or the owner) fully control and trust the keys on that machine.
- Packaging gap: the E2E test script expects an agent_scripts directory containing TypeScript runner code (create_intent.ts, e2e_runner.ts) which is not in the bundle. The publish-api test flow will fail unless you supply or inspect those scripts from a trusted source.
- Network endpoints: the scripts contact known SafeFlow/Walrus endpoints and public faucets (producer.safeflow.space, dash.safeflow.space, walrus-testnet endpoints). Verify those domain names are the intended services before running against mainnet or trusting them with evidence uploads.
- Secrets: the bundle does not request credentials, but you may be asked to pass --postgres-dsn or --api-key when running tests; these contain secrets and will be written into local env files if you use save_owner_config.sh. Do not paste secrets unless you trust the deployment and have reviewed agent_scripts.
- Run in a safe environment first: test on a separate machine or testnet wallet with no funds or with testnet faucet funds. Review all scripts line-by-line (you have them) and ensure you are comfortable with the file writes and sui CLI calls.
- Avoid autonomous execution: do not allow the skill to run unattended or autonomously execute these scripts, since they can make on-chain payments. Require manual owner approval for any run that will call execute_payment.sh or create session caps.
If you need a safer assessment, provide the missing agent_scripts directory (create_intent.ts, e2e_runner.ts) or confirm the origin/trustworthiness of the producer/walrus endpoints and I can reassess with higher confidence.
Capability Analysis
Type: OpenClaw Skill
Name: safe-flow-sui-skill
Version: 1.0.0
The skill bundle exhibits high-risk behavior by attempting to execute TypeScript files located outside of its own directory structure (specifically in `../../../../agent_scripts/` via `test_publish_api_flow.sh`), which relies on the host's filesystem state and could lead to unauthorized code execution. Additionally, `sync_package_id_to_sql.sh` performs manual SQL string interpolation for SQLite and Postgres, which is a vulnerable pattern, although it includes basic regex-based sanitization. The skill is designed for Sui blockchain operations and interacts with external endpoints at producer.safeflow.space and dash.safeflow.space.
Capability Assessment
Purpose & Capability
Name/description align with the included scripts: they bootstrap an agent address, save owner-provided wallet/session IDs, sync a package id to SQL, run publish-api tests, and execute payments via the Sui CLI. However, the test_publish_api_flow.sh expects an external agent_scripts directory (npx tsx e2e_runner.ts / create_intent.ts) which is not present in the skill bundle — this is a packaging/inclusion mismatch that prevents the claimed E2E flow from running as-is.
Instruction Scope
The SKILL.md instructs the agent/operator to run included shell scripts that: create new Sui addresses (sui client new-address), switch the active address, create wallets/session caps via on-chain calls, and execute payments. Those actions operate on the user's local Sui keystore and can spend funds. The scripts also call external endpoints (producer.safeflow.space, dash.safeflow.space, walrus test endpoints, and public faucets). While these are coherent with the skill's purpose, they meaningfully affect local keys and funds and therefore should not be run without explicit owner approval. The instructions do not ask the agent to read unrelated system files, but they do create and read config/env files under the skill directory.
Install Mechanism
Instruction-only skill with no install spec; included scripts are plain shell files. No downloads or archive extraction are present in the bundle, so there is no installer-based risk in the registry metadata.
Credentials
The skill declares no required environment variables or primary credential. The scripts produce local config (.safeflow-config.json, .safeflow-owner.env, .agent-address.txt, .owner-handoff.json) and accept optional parameters such as --api-key or a Postgres DSN (which could contain credentials) from the operator when invoking the scripts. This is proportionate to running a test harness, but operators must be careful when supplying DSNs/API keys or placing secrets into the generated env file.
Persistence & Privilege
always:false and the skill writes only its own local artifacts under the skill directory by design. However, because the scripts can create addresses, switch active addresses, and execute payments using the local Sui keystore, allowing autonomous model invocation to run these scripts would expand attack surface; combine that with the ability to perform on-chain actions and the skill should not be permitted to run unattended without stronger controls.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install safe-flow-sui-skill - After installation, invoke the skill by name or use
/safe-flow-sui-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of safe-flow-sui-skill for collaborative SafeFlow contract testing and owner-assisted agent set-up:
- Provides scripts for agent-owner handoff, wallet/session configuration, and autonomous payment execution.
- Supports end-to-end Publish API and Walrus integration tests.
- Enables syncing of Sui package IDs with SQL databases (SQLite or Postgres).
- Includes concise workflows and progressive disclosure references for setup, testing, and troubleshooting.
Metadata
Frequently Asked Questions
What is Safeflow Sui Skill?
Use when running SafeFlow against the shared Sui package with owner-assisted provisioning. Trigger for tasks such as creating an agent execution address with... It is an AI Agent Skill for Claude Code / OpenClaw, with 370 downloads so far.
How do I install Safeflow Sui Skill?
Run "/install safe-flow-sui-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Safeflow Sui Skill free?
Yes, Safeflow Sui Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Safeflow Sui Skill support?
Safeflow Sui Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Safeflow Sui Skill?
It is built and maintained by Togo (@fwangzil); the current version is v1.0.0.
More Skills