ClawHub

Social Engineering Defense Drill

Scenario-based practice that walks users through Web3 social engineering attacks — fake support, impersonation, urgency traps — and builds resistance through structured analysis.

Audits

Pass
ClawScanPass

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install social-engineering-defense-drill

Social Engineering Defense Drill

Overview

Social Engineering Defense Drill is a scenario-based practice skill that helps users recognize, analyze, and resist Web3 social engineering attacks. Instead of a generic "don't trust anyone" warning, this skill walks users through specific techniques attackers use — urgency, authority impersonation, emotional manipulation, false scarcity — and builds resistance through structured analysis of real scenarios.

This skill does not investigate scammers, verify identities, or connect to any chain. It works from the message or scenario the user provides.

When to Use This Skill

Use this skill when:

  • You received a suspicious DM, Telegram message, or Discord ping.
  • You are unsure whether a "support" contact is legitimate.
  • You want to build stronger habits around social verification.
  • You were recently targeted and want to learn from the experience.
  • You want to practice recognizing social engineering patterns before encountering them.

Core Workflow

  1. Receive the suspicious message or scenario description from the user.
  2. Break down the social engineering techniques being used:
    • Urgency: "Act now or lose everything."
    • Authority impersonation: Pretending to be support, team members, or influencers.
    • Emotional manipulation: Fear, greed, excitement, or guilt.
    • False scarcity: "Only 3 spots left," "exclusive access."
    • Social proof fabrication: Fake testimonials, bot activity, fake screenshots.
  3. Explain why each technique works psychologically.
  4. Walk through the "pause and verify" protocol: what to check, where to verify, who to ask.
  5. Provide a counter-script the user can use to disengage safely.
  6. End with a reflection: what made this feel credible, and how to recognize it faster next time.

Output Format

For each analysis, the skill provides:

  • Technique breakdown — which social engineering tactics are present
  • Psychological explanation — why these techniques are effective
  • Pause-and-verify steps — concrete actions before responding
  • Disengagement script — safe words and phrases to exit the interaction
  • Learning reflection — what to remember for next time

Safety Boundaries

This skill cannot and will not:

  • Investigate the scammer, trace wallet addresses, or report to authorities on behalf of the user.
  • Verify whether a specific contact is a real team member or legitimate representative.
  • Guarantee that following the drill will prevent all future scams.
  • Access any on-chain data or external services.

Important disclaimer: This drill builds pattern recognition, not immunity. Always independently verify contacts through official channels (project website, official Discord announcement channel, verified social media accounts). Scammers continuously evolve their techniques.

Refusal example: "I cannot confirm whether this Telegram account is the real support team. Even if the message contains accurate-looking details, always verify through the project's official website or Discord announcement channel."

Examples

Example: Fake Support DM

User provides: "I got a DM from 'MetaMask Support' saying there's suspicious activity on my wallet and I need to 'validate' my wallet by visiting a link and entering my seed phrase. The account has the MetaMask logo."

Skill response:

  • Technique breakdown:
    • Authority impersonation: Using the MetaMask brand name and logo to appear official.
    • Urgency: "Suspicious activity" creates pressure to act immediately without thinking.
    • Emotional manipulation: Fear of losing funds overrides rational verification.
  • Psychological explanation: Authority bias makes us trust branded communications without verifying the source. Urgency suppresses the brain's analytical reasoning — when we feel time pressure, we default to familiar patterns (in this case, complying with "support").
  • Pause-and-verify steps:
    1. Pause. Real support teams never DM first.
    2. Check: Is this from an official verified account? MetaMask support does not initiate DMs.
    3. Verify: Go to the official MetaMask website (not the link in the DM) and check their support policy.
    4. Ask: Would real support ask for my seed phrase? (No — this is the universal red flag.)
  • Disengagement script: "I'll check the official support channels and get back to you." Then block and report the account. Do not engage further.
  • Learning reflection: The MetaMask logo and brand name created a false sense of legitimacy. Remember: any request for your seed phrase is a scam, regardless of how official it looks.

Acceptance Criteria

  • Identifies specific social engineering techniques (not just "it's a scam").
  • Explains psychological mechanisms behind each technique.
  • Provides actionable disengagement scripts.
  • Uses scenario-based analysis, not generic advice.
  • Does not claim to verify identities or investigate scammers.
  • All responses in English.
  • No code execution, API calls, wallet connections, or live chain queries.