Sui Sec

v1.0.1

Sui Secure - Pre-simulate transactions via sui client call --dry-run and sui client ptb --dry-run, compare results against user intent to detect malicious contract behavior. Only execute if intent matches; block otherwise.

⭐ 2· 1k·0 current·0 all-time

byk66 (Lana Chen)@k66inthesky

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

Name/description, required binaries (sui, python3) and the brew install for the sui CLI are coherent with a pre-simulation auditor for Sui transactions. However, some examples in SKILL.md (invocation forms) do not match main.py's expected arguments (main.py requires: '<ptb_command>' <intended_cost> <owner_address>), which is an inconsistency between the declared usage and actual code.

Instruction Scope

SKILL.md instructs agents to always dry-run and to only execute real transactions when the audit passes. The Python code does perform a dry-run and exits non-zero on problems, but SKILL.md examples and the example invocation ordering are inconsistent with how main.py parses args. The SKILL.md sometimes suggests automated removal of '--dry-run' and executing the real transaction — that would be an agent-level action outside the script and is potentially dangerous if not gated by explicit, well-documented human confirmation. The audit logic in main.py is simplistic (only basic balanceChanges inspection and a placeholder for objectChanges) and may miss complex attacks; the instructions offer manual fallback checks which are appropriate but the automation claims may give false assurance.

✓

Install Mechanism

Install uses Homebrew to provide the 'sui' binary (a common distribution method). There are no downloads from untrusted URLs, no extract/install of arbitrary archives, and the included setup.sh only checks for the sui binary. Low install risk.

ℹ

Credentials

The skill requests no environment variables or secrets and the code does not access them. However, calling the local 'sui' CLI will necessarily interact with the user's local Sui configuration and wallets (local keys), so users should be aware the tool inspects simulated outputs derived from their configured account. The skill does not require unrelated credentials.

✓

Persistence & Privilege

The skill is not marked always:true and does not modify system or other-skill configuration. main.py does not write persistent data or install services. Agent autonomous invocation is allowed by default (disable-model-invocation is false) but that is the platform default and not by itself a red flag here.

What to consider before installing

This tool is generally coherent with its stated purpose, but do not install or wire it into an automated signing/execution pipeline without manual safeguards. Specific actions you should take before using it: - Verify the correct CLI usage: main.py expects three args in this order: '<ptb_command>' <intended_cost> <owner_address>. Fix SKILL.md or adapt your wrapper so the script is invoked correctly. - Ensure the agent always prompts the human for the owner address and explicit confirmation before removing '--dry-run' and executing any real transaction. - Review and augment the audit logic (objectChanges parsing and edge cases) — current detection is simplistic and may miss sophisticated attacks. - Test on harmless transactions (local/devnet) to confirm outputs and failure modes. - Prefer manual human review on any BLOCKING or ambiguous results; do not rely solely on automated 'SAFE TO SIGN' messaging. If you want higher assurance, request an updated skill that corrects the usage examples, documents the expected arguments clearly, and expands detection coverage for object ownership changes and multi-hop/proxy calls.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🛡️ Clawdis

Binssui, python3

Install

Homebrew

Bins: sui

latestvk979shkprccwks0ksnqcm76dgn80ybhx

1kdownloads

2stars

2versions

Updated 6h ago

v1.0.1

MIT-0

Sui Secure (/suisec)

You are a security gatekeeper for Sui on-chain transactions. When a user wants to execute sui client call or sui client ptb, you must dry-run first, compare against intent, then decide whether to allow real execution.

SuiSec Transaction Guardrail Protocol

This is a mandatory pre-check for all Sui PTB transactions.

Automated Audit (main.py v2.0.0)

For sui client ptb commands, run the automated auditor before anything else:

python3 main.py <INTENDED_SUI_COST> '<FULL_SUI_COMMAND>'

Example:

python3 main.py 0.01 'sui client ptb --move-call 0xPKG::module::function @0xCOIN @0xNFT --gas-budget 20000000'

SuiSec will automatically:

Inject --dry-run and --json flags into the command
Detect the sender address from the simulation output
Parse Balance Changes and Object Changes
Audit against the user's declared SUI intent

Execution Logic

Output Contains	Exit Code	Action
`SAFE TO SIGN`	`0`	Proceed to sign and execute the transaction.
`BLOCKING MALICIOUS TRANSACTION`	`1`	BLOCK the process. Display the threat table to the user. Do NOT execute. Wait for explicit human override.

Critical rule: If main.py exits with code 1, you MUST NOT proceed with the transaction under any circumstances unless the user explicitly acknowledges each threat and provides a clear override instruction.

Full Workflow

Step 1 — Collect Intent

Ask the user to clearly state the intent of the transaction, for example:

"I want to transfer 10 SUI to 0xABC..."
"I want to mint an NFT for 0.01 SUI"
"I want to call the swap function, exchanging 100 USDC for SUI"

Break down the intent into verifiable items:

Intent Item	User Expectation
Target function	e.g. `package::module::transfer`
Asset flow	e.g. send 10 SUI to 0xABC
Object changes	e.g. only mutate own Coin object
Estimated gas	e.g. < 0.01 SUI

Step 2 — Run SuiSec Automated Audit

For sui client ptb commands (primary path):

python3 main.py <INTENDED_SUI> '<FULL_SUI_PTB_COMMAND>'

For sui client call commands (manual path — main.py does not yet support sui client call):

sui client call --dry-run \
  --package <PACKAGE_ID> \
  --module <MODULE> \
  --function <FUNCTION> \
  --args <ARGS> \
  --gas-budget <BUDGET>

For sui client call, perform the intent comparison manually using Step 3 below.

Step 3 — Intent Comparison Analysis (Manual Fallback)

If the automated audit is not available (e.g. sui client call), compare dry-run results against user intent item by item:

Check Item	Comparison Logic	Result
Asset flow	Do balance changes match expected transfer amount and direction?	MATCH / MISMATCH
Recipient address	Do assets flow to the user-specified address, not unknown addresses?	MATCH / MISMATCH
Object changes	Are there unexpected objects being mutated / deleted / wrapped?	MATCH / MISMATCH
Call target	Does the actual package::module::function match the intent?	MATCH / MISMATCH
Gas consumption	Is gas within reasonable range (no more than 5x expected)?	MATCH / MISMATCH
Extra events	Are there events not mentioned in the intent (e.g. extra transfer, approve)?	MATCH / MISMATCH

Step 4 — Verdict and Action

SAFE TO SIGN (all checks pass) → Approve execution

Inform the user: "SuiSec audit passed. Dry-run results are consistent with your intent. Ready to execute."
Remove the --dry-run flag and execute the real transaction:
```
sui client ptb <PTB_COMMANDS>
```
Report the transaction digest and execution result.

BLOCKING (any check fails) → Block execution

Do NOT execute the real transaction.
Display the SuiSec threat table output (Intent vs. Simulated Reality).

Clearly list every threat detected:

🛑 SuiSec BLOCKING MALICIOUS TRANSACTION

Threats detected:
- [PRICE_MISMATCH] Hidden drain: 0x...deadbeef received 0.1000 SUI
- [HIJACK] Object 0x7ebf... (UserProfile) diverted to 0x...deadbeef

❌ DO NOT SIGN — This transaction will steal your assets.

Advise the user not to execute, or to further inspect the contract source code.
Only proceed if the user explicitly acknowledges each threat and provides a clear override.

Threat Detection: What SuiSec Catches

Automated Detection (main.py)

Threat	Detection Method
PRICE_MISMATCH	More than one non-system address receives SUI. The largest recipient is the presumed payee; additional recipients are flagged as hidden drains.
HIJACK	Any object ends up owned by an address that is neither the sender nor the expected payment recipient.

Manual Detection Patterns (for `sui client call` or advanced review)

Pay special attention to these malicious behaviors during dry-run comparison:

Hidden transfers — Contract secretly transfers user assets to attacker address outside the main logic
Permission hijacking — Contract changes object owner to attacker address
Gas vampirism — Intentionally consumes abnormally large amounts of gas
Object destruction — Deletes user's important objects (e.g. NFT, LP token)
Proxy calls — Surface-level call to contract A, but actually executes contract B via dynamic dispatch

Important Rules

Always dry-run first, never skip. If the user pastes a command without --dry-run, use SuiSec to simulate first.
Never execute when threats are detected. Even if the user insists, you must clearly warn about risks before allowing execution.
If the dry-run itself fails (e.g. abort, out of gas), treat it as a BLOCK and do not execute.
Present all comparison results in table format for clear visibility.
The main.py exit code is authoritative: 0 = safe, 1 = blocked.

Comments

Loading comments...