Safeflow Sui Skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is mostly aligned with SafeFlow Sui payment testing, but it can use delegated wallet authority for payments and its API test runs helper code outside the reviewed skill package.

Install only if you intend to test SafeFlow Sui payments. Before running E2E flows, inspect the external agent_scripts code and dependencies, verify the SafeFlow/Walrus endpoints, keep session caps and funds small, and avoid production wallets or secrets unless you fully trust the surrounding repository.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A changed or untrusted local repo helper, or an unexpected npx dependency resolution, could act with the saved SafeFlow payment/session context during the test flow.

Why it was flagged

The E2E flow runs TypeScript helpers from a repo-level directory that is not included in the reviewed skill manifest, and invokes them through npx/tsx without pinned dependency evidence.

Skill content

AGENT_SCRIPTS_DIR="$REPO_ROOT/agent_scripts" ... npx tsx create_intent.ts ... npx tsx e2e_runner.ts --once

Recommendation

Only run this flow from a trusted repository; inspect and pin the agent_scripts helpers and package dependencies before using real funds, API keys, or production endpoints.

What this means

This is expected for a SafeFlow payment skill, but it means the skill can spend from the delegated SafeFlow wallet within whatever limits the owner configured.

Why it was flagged

The payment script switches to a locally stored Sui agent address and uses wallet/session-cap identifiers to submit an on-chain payment.

Skill content

sui client switch --address "$AGENT_ADDRESS" ... --function execute_payment ... --args "$WALLET_ID" "$SESSION_CAP_ID" "$AMOUNT" "$RECIPIENT"

Recommendation

Use limited testnet funds or tightly capped session permissions, verify every recipient and amount, and revoke or expire session caps when testing is complete.

What this means

If these files are modified, copied, or reused unexpectedly, later runs may use the wrong wallet/session context or expose operational details.

Why it was flagged

The script stores delegated payment identifiers and agent context in local config/env files for later autonomous payment and test runs.

Skill content

"walletId": "$WALLET_ID", "sessionCapId": "$SESSION_CAP_ID", "agentAddress": "$AGENT_ADDRESS"

Recommendation

Keep the generated .safeflow files private, review them before payment runs, and delete or rotate them after the test session.

What this means

Payment intent details, transaction digests, and evidence blob references may leave the local environment as part of the intended audit flow.

Why it was flagged

The documented flow sends payment/test evidence to external Publish API and Walrus services and reports the resulting identifiers.

Skill content

rely on SDK `executePaymentWithEvidence` to upload reasoning blob to Walrus ... print final `intentId`, status, digest, and blob id

Recommendation

Verify the Publish API and Walrus endpoints, and avoid including sensitive private reasoning or production data unless the storage and retention model is acceptable.