ClawHub

ShieldBot BNB Chain Security Scanner

v1.0.1

BNB Chain security scanner — scan contracts, simulate transactions, detect phishing, investigate deployers, track scam campaigns, and audit wallet approvals...

0· 139·0 current·0 all-time
byRidwan Nurudeen@ridwannurudeen

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ridwannurudeen/shieldbot-security.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "ShieldBot BNB Chain Security Scanner" (ridwannurudeen/shieldbot-security) from ClawHub.
Skill page: https://clawhub.ai/ridwannurudeen/shieldbot-security
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install shieldbot-security

ClawHub CLI

Package manager switcher

npx clawhub@latest install shieldbot-security
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included code and SKILL.md: the Python client calls ShieldBot API endpoints to scan contracts, simulate transactions, check phishing, inspect deployers, list campaigns, and audit approvals. Required binaries (python) and the minimal requests dependency are proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to call local Python client scripts that POST/GET user-supplied contract addresses, transaction parameters, wallet addresses, URLs, and free-text questions to the ShieldBot API. That is expected for this product, but it means user-supplied inputs will be sent to an external service. Also the trigger keyword list is broad and could cause accidental activation—consider stricter invocation rules if privacy is a concern.
Install Mechanism
No download-from-URL installs or archive extraction. The only dependency is the well-known 'requests' package declared in requirements.txt; installation via pip is typical and proportional.
Credentials
The skill does not require credentials or sensitive environment variables. It exposes a single optional override SHIELDBOT_API_BASE to point at a different API endpoint. No secret tokens, keys, or config paths are requested.
Persistence & Privilege
The skill does not request always:true or other elevated privileges, and does not attempt to modify other skills or system-wide settings. It runs as an invoked Python client and returns formatted output.
Assessment
This skill appears coherent for a contract/transaction scanner, but it will transmit any addresses, transaction parameters, URLs, and free-text questions you provide to the external ShieldBot API (https://api.shieldbotsecurity.online) which is unauthenticated and may log queries. Before installing: 1) Verify you trust the ShieldBot service and the GitHub source (the SKILL metadata points to an external repo). 2) Never send private keys, seed phrases, or wallet JSON — the skill does not request them but user mistakes could leak them. 3) If privacy/logging is a concern, set SHIELDBOT_API_BASE to a vetted endpoint or avoid sending sensitive identifiers, and consider disabling autonomous invocation or narrowing trigger keywords to avoid accidental calls. 4) Note small implementation quirks (inconsistent param names like chainId vs chain_id) — functionality may need testing. If you need stronger guarantees about where data goes, review and run the included Python client locally or inspect the ShieldBot API/privacy policy first.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🛡️ Clawdis
OSWindows · Linux · macOS
Binspython
latestvk97194hnp6fb0q3jjqw1t8004583c09w
139downloads
0stars
2versions
Updated 1mo ago
v1.0.1
MIT-0
Windows, Linux, macOS
Ridwan Nurudeen@ridwannurudeen
latest
Download

ShieldBot Security Skill

Autonomous transaction firewall for BNB Chain and 6 EVM networks. Scan contracts, simulate transactions before signing, investigate deployers, detect phishing, audit wallet approvals, and monitor live threats.

Base URL: https://api.shieldbotsecurity.online — No API key required.

Trigger Keywords

Activate this skill when the user says any of: scan, simulate, firewall, deployer, threats, phishing, check url, scammers, campaigns, approvals, rescue, shieldbot, or ask shieldbot.

Commands

When the user triggers a command, run the corresponding shell command. Replace {baseDir} with the skill's install directory.

scan — Contract Security Scan

User says: "scan 0x..." or "is this contract safe" + address

python "{baseDir}/shieldbot_client.py" --action scan --address ADDRESS --chain CHAIN_ID

Default chain: 56 (BSC). Always ask for the address if not provided.

simulate — Transaction Firewall

User says: "simulate this transaction" or "is this tx safe" + params

python "{baseDir}/shieldbot_client.py" --action simulate --to TO_ADDRESS --from-addr FROM_ADDRESS --value VALUE_HEX --data CALLDATA_HEX --chain CHAIN_ID

All params required. --value defaults to 0x0, --data defaults to 0x.

If the result shows classification: BLOCK_RECOMMENDED, warn the user immediately. Do NOT advise proceeding.

deployer — Deployer Investigation

User says: "deployer 0x..." or "who deployed this" or "check deployer"

python "{baseDir}/shieldbot_client.py" --action deployer --address ADDRESS --chain CHAIN_ID

A deployer with campaign.severity: HIGH and multiple high-risk contracts is a serial scammer. Warn even if the current token scan looks clean.

threats — Live Threat Feed

User says: "threats" or "what threats are active" or "latest scams"

python "{baseDir}/shieldbot_client.py" --action threats --limit 10 --chain CHAIN_ID

check — Phishing URL Detection

User says: "check [url]" or "is this site safe" or "phishing check"

python "{baseDir}/shieldbot_client.py" --action phishing --url "URL"

If is_phishing: true, warn: "Do NOT connect your wallet to this site."

scammers — Top Scam Campaigns

User says: "scammers" or "top scam deployers" or "active campaigns"

python "{baseDir}/shieldbot_client.py" --action campaigns --limit 10

approvals — Wallet Approval Audit

User says: "approvals 0x..." or "check my approvals" or "am I exposed"

python "{baseDir}/shieldbot_client.py" --action approvals --address WALLET_ADDRESS --chain CHAIN_ID

For each HIGH risk approval, explain what the spender can do and recommend revoking.

ask — AI Security Advisor

User says: "ask shieldbot [question]" or any DeFi security question

python "{baseDir}/shieldbot_client.py" --action ask --message "USER_QUESTION" --chain CHAIN_ID

Response Rules

  1. Wrap all command output in a markdown code block (triple backticks).
  2. Lead with the verdict or classification — never bury the risk score.
  3. If honeypot is detected, say it first regardless of anything else.
  4. Always note that automated scans are not financial advice.
  5. Default to BSC (chain 56) if the user does not specify a chain.

Supported Chains

ChainchainId
BNB Smart Chain56
Ethereum1
Base8453
Arbitrum One42161
Polygon137
Optimism10
opBNB204

Risk Score Guide

  • 0-20: SAFE — No issues detected
  • 21-40: LOW RISK — Minor concerns
  • 41-60: MEDIUM RISK — Proceed with caution
  • 61-80: HIGH RISK — Significant red flags, recommend avoiding
  • 81-100: CRITICAL — Almost certainly a scam, do NOT interact

Security & Privacy

This skill sends data to ShieldBot's public API at api.shieldbotsecurity.online. Here is exactly what is transmitted and why:

  • Contract addresses — sent to /api/scan to check for honeypots, hidden mints, and rug pull patterns. Required for the scan to work.
  • Transaction parameters (to, from, value, data) — sent to /api/firewall to simulate transactions before signing. Required to detect dangerous transactions.
  • Wallet addresses — sent to /api/rescue/{wallet} to scan token approvals. Required to find risky allowances.
  • URLs — sent to /api/phishing to check against phishing databases. Required for URL safety checks.
  • Free-text questions — sent to /api/agent/chat for AI security advice. Only sent when the user explicitly asks a question.

No credentials, private keys, seed phrases, or personal data are ever collected or transmitted. All endpoints are public and require no API keys. The API is rate-limited to 30 requests/minute per IP.

Source code: https://github.com/Ridwannurudeen/shieldbot-openclaw-skills Product: https://shieldbotsecurity.online

Dependencies

Install the requests library before first use:

pip install -r "{baseDir}/requirements.txt"

Environment

Override the API base URL by setting SHIELDBOT_API_BASE environment variable.

Comments

Loading comments...