ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

X Layer Execution Guard

v1.0.1

Run an executable X Layer pre-execution guard for autonomous agents: OnchainOS DEX route judgment, honeypot and price-impact checks, proof-mode evidence, and...

0· 70·0 current·0 all-time
by@richard7463

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for richard7463/xlayer-execution-guard.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "X Layer Execution Guard" (richard7463/xlayer-execution-guard) from ClawHub.
Skill page: https://clawhub.ai/richard7463/xlayer-execution-guard
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install richard7463/xlayer-execution-guard

ClawHub CLI

Package manager switcher

npx clawhub@latest install xlayer-execution-guard
Security Scan
Capability signals
CryptoRequires walletRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (OnchainOS DEX route judgment, honeypot/impact checks, proof artifacts, optional Agentic Wallet execution) matches the bundled Python code: a Route Referee client, an ExecutionGuard pipeline, and scripts to run and check the wallet. However the registry metadata declared no required environment variables or primary credential while SKILL.md and the runtime client clearly require ONCHAINOS_API_KEY / ONCHAINOS_API_SECRET / ONCHAINOS_API_PASSPHRASE (and accept OKX_* aliases). This metadata omission is an incoherence and reduces transparency.
Instruction Scope
SKILL.md confines runtime steps to token discovery, quotes, simulated proof, and (with explicit approval) onchain execution via the 'onchainos' CLI or the OnchainOS HTTP API. The instructions encourage default 'proof' mode and require explicit approval for live wallet execution. That scope aligns with the code. A caveat: the runtime will call external network APIs (default base https://web3.okx.com) and may invoke the local onchainos CLI (scripts/check_agentic_wallet.py uses subprocess). The SKILL.md accurately documents these behaviors but does not fully manifest in the registry metadata.
Install Mechanism
No network download/install spec is included; the skill is instruction+bundled Python code. requirements.txt only lists 'requests'. No third-party install URLs, extract steps, or obscure external installers are present.
!
Credentials
The runtime client reads and uses API credentials (ONCHAINOS_API_KEY / ONCHAINOS_API_SECRET / ONCHAINOS_API_PASSPHRASE) and proxy/timeouts; it also accepts OKX_* environment aliases. Those credentials are proportionate to performing signed OnchainOS/OKX API calls, but the skill registry metadata claimed no required env vars — an important omission. The code will sign requests with your API secret (HMAC) and will use any provided onchainos CLI that may access local wallets. This requires explicit, informed user consent before supplying secrets or allowing live execution.
Persistence & Privilege
The skill does not request persistent 'always' inclusion, does not modify other skills, and contains no install-time changes or writing to unrelated system-wide configs. It uses the local runtime and may call onchainos if present; that is expected for its purpose.
What to consider before installing
This skill implements exactly what it claims (route checks, honeypot detection, simulated proof, and optional live execution), but it will use signed OnchainOS/OKX API credentials and may invoke a local onchainos CLI to operate a wallet. Before installing or running with real keys: 1) Do not supply API keys unless you trust the skill—review the full _execute_trade implementation (not shown in the truncated listing) and any subprocess calls to confirm no secret exfiltration. 2) Prefer proof mode (--execution-mode proof / --no-execute) for testing. 3) Run the skill in an isolated environment or sandbox first. 4) Ensure plugin.yaml or registry metadata is updated to declare required env vars so you know what secrets are needed. 5) If you plan live runs, require explicit human approval each time and confirm which wallet/onchainos binary will be used (ONCHAINOS_BIN).

Like a lobster shell, security has layers — review code before you run it.

agentvk97766ktmc9caj8nhxc4w24nfn84xd16executionvk97766ktmc9caj8nhxc4w24nfn84xd16latestvk97766ktmc9caj8nhxc4w24nfn84xd16onchainosvk97766ktmc9caj8nhxc4w24nfn84xd16tradingvk97766ktmc9caj8nhxc4w24nfn84xd16xlayervk97766ktmc9caj8nhxc4w24nfn84xd16
70downloads
0stars
2versions
Updated 1w ago
v1.0.1
MIT-0
@richard7463
agentexecutionlatestonchainostradingxlayer
Download

X Layer Execution Guard

Use this skill to turn an agent swap intent into a guarded execution decision and proof artifact.

The installed skill includes its own Python runtime in runtime/ and two scripts in scripts/:

  • scripts/run_execution_guard.py runs the guard CLI.
  • scripts/check_agentic_wallet.py checks whether onchainos and Agentic Wallet are reachable.

Operating Rules

  1. Default to --no-execute or --execution-mode proof while evaluating a request.
  2. Only use --live or --execution-mode agentic-wallet after explicit user approval for a real wallet action.
  3. Treat proof mode as simulated execution evidence. Only agentic-wallet mode can return a real transaction hash.
  4. If OnchainOS API credentials are missing, the runtime returns a mock install-smoke result. Do not present mock output as live proof.
  5. For live X Layer runs, use chain 196 unless the user explicitly chooses another chain.

OpenClaw Quick Start

Set the skill directory first. In OpenClaw it is usually:

SKILL_DIR="$HOME/.openclaw/skills/xlayer-execution-guard"

If installed into a local workdir with ClawHub, use:

SKILL_DIR="$PWD/skills/xlayer-execution-guard"

Install the only runtime dependency if needed:

python3 -m pip install --user -r "$SKILL_DIR/requirements.txt"

Check the Agentic Wallet environment:

python3 "$SKILL_DIR/scripts/check_agentic_wallet.py"

Run a safe pre-execution judgment:

PYTHONPATH="$SKILL_DIR/runtime" python3 "$SKILL_DIR/scripts/run_execution_guard.py" \
  --agent strategy-office \
  --intent-id strategy-office-round-001 \
  --from USDC \
  --to USDT \
  --amount 10 \
  --amount-mode readable \
  --slippage 0.5 \
  --max-impact 1.20 \
  --no-execute \
  --output guard-proof.json

Run proof-mode closed-loop evidence without touching the wallet:

PYTHONPATH="$SKILL_DIR/runtime" python3 "$SKILL_DIR/scripts/run_execution_guard.py" \
  --agent strategy-office \
  --intent-id strategy-office-proof-001 \
  --from USDC \
  --to USDT \
  --amount 10 \
  --amount-mode readable \
  --execution-mode proof \
  --output guard-proof.json

Run a live Agentic Wallet execution only after user approval:

PYTHONPATH="$SKILL_DIR/runtime" python3 "$SKILL_DIR/scripts/run_execution_guard.py" \
  --agent strategy-office \
  --intent-id strategy-office-live-001 \
  --from USDC \
  --to USDT \
  --amount 10 \
  --amount-mode readable \
  --slippage 0.5 \
  --execution-mode agentic-wallet \
  --wallet default \
  --chain 196 \
  --output guard-live-proof.json

--live is an alias for --execution-mode agentic-wallet.

Required Environment

For real OnchainOS route judgment, export API credentials in the OpenClaw environment or ~/.config/onchainos.env:

export ONCHAINOS_API_KEY="..."
export ONCHAINOS_API_SECRET="..."
export ONCHAINOS_API_PASSPHRASE="..."
export ONCHAINOS_CHAIN_INDEX="196"

For live wallet execution, onchainos must be installed and logged in:

onchainos wallet login
onchainos wallet status

What The Guard Checks

The runtime uses OnchainOS DEX Aggregator APIs for:

  • token discovery through /api/v6/dex/aggregator/all-tokens
  • liquidity source discovery through /api/v6/dex/aggregator/get-liquidity
  • aggregated and per-DEX quote comparison through /api/v6/dex/aggregator/quote

The output includes:

  • pre_execution.verdict: execute, resize, retry, or block
  • pre_execution.checks: quote availability, price impact, fallback coverage, token tax, honeypot flags, gas and fee fields
  • execution.status: simulated_success, success, broadcasted, failed, or not_executed
  • post_execution.proof_id and moltbook_summary
  • closed_loop_validation: whether the pre-execution verdict matched the post-execution outcome

Failure Handling

  • Missing API credentials: output is mock mode and suitable only for install verification.
  • wallet_ready=false: run onchainos wallet login in the same OpenClaw environment.
  • verdict=block: do not execute; show the block reason.
  • verdict=resize: execute only if the user accepts the resized risk outcome.
  • Live execution returns no tx hash: preserve the full JSON output and inspect execution.error.

Comments

Loading comments...