ClawHub

Sui Decompile

v1.0.3

Fetch on-chain Sui Move contract source code and let your agent explain how smart contracts work. Scrape from Suivision/Suiscan explorers, analyze DeFi protocols, and understand any contract on Sui.

0· 1.1k·1 current·1 all-time
byEason Chen@easonc13
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (fetch on-chain Sui Move source, analyze contracts) matches the SKILL.md: browser workflows and JS snippets target suivision.xyz and suiscan.xyz and extract table rows as source lines. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions stay focused on scraping explorer pages and extracting code. They include explicit instructions for headless detection evasion (xvfb, running non-headless, using '--no-sandbox' and '--disable-setuid-sandbox') and to close tabs after use — operationally relevant but not part of the described functionality. These steps can reduce runtime security and may be used to bypass anti-bot measures.
Install Mechanism
This is instruction-only (no install spec or code files). The SKILL.md shows an example using Puppeteer and xvfb for server setups; those are user-side instructions rather than an automated installer. No downloads or obscure URLs are specified by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths and the instructions do not request secrets. This is proportionate to a scraper that targets public explorer pages.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills' configs. There is no autonomous privilege escalation indicated beyond normal agent invocation.
Assessment
This skill appears coherent for fetching on-chain Move sources from public explorers. Before installing or running it: (1) be aware the SKILL.md recommends running headless-evasion techniques (xvfb, non-headless Puppeteer, and '--no-sandbox'), which reduce process isolation and can be risky in multi-tenant or production environments — avoid running with '--no-sandbox' as root; prefer running in a properly isolated container and as a non-root user. (2) Installing xvfb and Puppeteer requires system packages (sudo) and additional node packages — review those installs yourself. (3) Scraping may violate site terms of service; confirm permission and rate-limit requests. (4) The skill requests no secrets, but it will fetch and surface potentially sensitive on-chain code — treat fetched code and any derived analysis in accordance with licensing and compliance requirements. If you plan to run automated scraping on servers, restrict network and filesystem access and monitor runtime behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk976thmbqwp51ky25trqthfnr180x9qh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔓 Clawdis

SKILL.md

Sui Decompile Skill

Fetch decompiled source code for on-chain Sui Move packages via block explorers.

GitHub: https://github.com/EasonC13-agent/sui-skills/tree/main/sui-decompile

Suivision (Preferred)

May have official verified source code when available.

URL: https://suivision.xyz/package/{package_id}?tab=Code

Browser workflow:

  1. browser action=open profile=openclaw targetUrl="https://suivision.xyz/package/{package_id}?tab=Code"
  2. Click module tabs on the left if multiple modules exist
  3. Extract code:
() => {
  const rows = document.querySelectorAll('table tr');
  const lines = [];
  rows.forEach(r => {
    const cells = r.querySelectorAll('td');
    if (cells.length >= 2) lines.push(cells[1].textContent);
  });
  return lines.join('\n');
}

Suiscan (Alternative)

URL: https://suiscan.xyz/mainnet/object/{package_id}/contracts

Browser workflow:

  1. browser action=open profile=openclaw targetUrl="https://suiscan.xyz/mainnet/object/{package_id}/contracts"
  2. Click "Source" tab (default may show Bytecode)
  3. Click module tabs if multiple modules
  4. Extract code:
() => {
  const rows = document.querySelectorAll('table tr');
  const lines = [];
  rows.forEach(r => {
    const cells = r.querySelectorAll('td');
    if (cells.length >= 2) lines.push(cells[1].textContent);
  });
  return lines.join('\n') || 'not found';
}

Multiple Modules

Packages like DeepBook (0xdee9) have multiple modules:

  1. List module tabs from sidebar
  2. Click each tab, extract code
  3. Save to separate .move files

Examples

PackageSuivisionSuiscan
Sui Frameworksuivision.xyz/package/0x2?tab=Codesuiscan.xyz/mainnet/object/0x2/contracts
DeepBooksuivision.xyz/package/0xdee9?tab=Codesuiscan.xyz/mainnet/object/0xdee9/contracts

Use with Other Skills

This skill works great with the Sui development skill suite:

  • sui-move: Write and deploy Move smart contracts. Use sui-decompile to study existing contracts, then use sui-move to write your own.
  • sui-coverage: Analyze test coverage. Decompile a contract, write tests for it, then check coverage.

Typical workflow:

  1. sui-decompile - Study how a DeFi protocol works
  2. sui-move - Write your own contract based on learned patterns
  3. sui-coverage - Ensure your code is well-tested

Server/Headless Setup

For running on servers without display (CI/CD, VPS, etc.), use Puppeteer with a virtual display to avoid headless detection:

# Install xvfb (virtual framebuffer)
sudo apt-get install xvfb

# Run with virtual display (avoids headless detection)
xvfb-run --auto-servernum node scraper.js

Puppeteer example:

const puppeteer = require('puppeteer');

async function fetchContractSource(packageId) {
  const browser = await puppeteer.launch({
    headless: false,  // Use 'new' headless or false with xvfb
    args: ['--no-sandbox', '--disable-setuid-sandbox']
  });
  
  const page = await browser.newPage();
  await page.goto(`https://suivision.xyz/package/${packageId}?tab=Code`);
  await page.waitForSelector('table tr');
  
  const code = await page.evaluate(() => {
    const rows = document.querySelectorAll('table tr');
    const lines = [];
    rows.forEach(r => {
      const cells = r.querySelectorAll('td');
      if (cells.length >= 2) lines.push(cells[1].textContent);
    });
    return lines.join('\n');
  });
  
  await browser.close();
  return code;
}

Why xvfb? Some sites detect headless browsers. Running with xvfb-run creates a virtual display, making the browser behave like a real desktop browser.

Notes

  • Suivision may show official verified source (MovebitAudit)
  • Suiscan shows Revela decompiled code
  • Decompiled code may not compile directly
  • Close browser tabs after use!

Related Skills

This skill is part of the Sui development skill suite:

SkillDescription
sui-decompileFetch and read on-chain contract source code
sui-moveWrite and deploy Move smart contracts
sui-coverageAnalyze test coverage with security analysis
sui-agent-walletBuild and test DApps frontend

Workflow:

sui-decompile → sui-move → sui-coverage → sui-agent-wallet
    Study        Write      Test & Audit   Build DApps

All skills: https://github.com/EasonC13-agent/sui-skills

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…