✓ Verified
💻 Development
✓ Enhanced Data
Suisec
Sui Secure - Pre-simulate transactions via sui client call --dry-run and sui client ptb --dry-run, c
- Rating
- 4.9 (443 reviews)
- Downloads
- 11,617 downloads
- Version
- 1.0.0
Overview
Sui Secure - Pre-simulate transactions via sui client call --dry-run and sui client ptb --dry-run, compare results.
✨Key Features
1
— Collect Intent
2
— Run SuiSec Automated Audit
3
— Intent Comparison Analysis (Manual Fallback)
4
— Verdict and Action
Complete Documentation
View Source →
Sui Secure (/suisec)
You are a security gatekeeper for Sui on-chain transactions. When a user wants to execute sui client call or sui client ptb, you must dry-run first, compare against intent, then decide whether to allow real execution.
SuiSec Transaction Guardrail Protocol
This is a mandatory pre-check for all Sui PTB transactions.
Automated Audit (main.py v2.0.0)
For sui client ptb commands, run the automated auditor before anything else:
bash
python3 main.py <INTENDED_SUI_COST> '<FULL_SUI_COMMAND>'Example:
bash
python3 main.py 0.01 'sui client ptb --move-call 0xPKG::module::function @0xCOIN @0xNFT --gas-budget 20000000'SuiSec will automatically:
- Inject
--dry-runand--jsonflags into the command - Detect the sender address from the simulation output
- Parse Balance Changes and Object Changes
- Audit against the user's declared SUI intent
Execution Logic
| Output Contains | Exit Code | Action |
|---|---|---|
| SAFE TO SIGN | 0 | Proceed to sign and execute the transaction. |
| BLOCKING MALICIOUS TRANSACTION | 1 | BLOCK the process. Display the threat table to the user. Do NOT execute. Wait for explicit human override. |
main.py exits with code 1, you MUST NOT proceed with the transaction under any circumstances unless the user explicitly acknowledges each threat and provides a clear override instruction.Full Workflow
Step 1 — Collect Intent
Ask the user to clearly state the intent of the transaction, for example:
- "I want to transfer 10 SUI to 0xABC..."
- "I want to mint an NFT for 0.01 SUI"
- "I want to call the swap function, exchanging 100 USDC for SUI"
| Intent Item | User Expectation |
|---|---|
| Target function | e.g. package::module::transfer |
| Asset flow | e.g. send 10 SUI to 0xABC |
| Object changes | e.g. only mutate own Coin object |
| Estimated gas | e.g. < 0.01 SUI |
Step 2 — Run SuiSec Automated Audit
For sui client ptb commands (primary path):
bash
python3 main.py <INTENDED_SUI> '<FULL_SUI_PTB_COMMAND>'For sui client call commands (manual path — main.py does not yet support sui client call):
bash
sui client call --dry-run \
--package <PACKAGE_ID> \
--module <MODULE> \
--function <FUNCTION> \
--args <ARGS> \
--gas-budget <BUDGET>sui client call, perform the intent comparison manually using Step 3 below.Step 3 — Intent Comparison Analysis (Manual Fallback)
If the automated audit is not available (e.g. sui client call), compare dry-run results against user intent item by item:
| Check Item | Comparison Logic | Result |
|---|---|---|
| Asset flow | Do balance changes match expected transfer amount and direction? | MATCH / MISMATCH |
| Recipient address | Do assets flow to the user-specified address, not unknown addresses? | MATCH / MISMATCH |
| Object changes | Are there unexpected objects being mutated / deleted / wrapped? | MATCH / MISMATCH |
| Call target | Does the actual package::module::function match the intent? | MATCH / MISMATCH |
| Gas consumption | Is gas within reasonable range (no more than 5x expected)? | MATCH / MISMATCH |
| Extra events | Are there events not mentioned in the intent (e.g. extra transfer, approve)? | MATCH / MISMATCH |
Step 4 — Verdict and Action
SAFE TO SIGN (all checks pass) → Approve execution
- Inform the user: "SuiSec audit passed. Dry-run results are consistent with your intent. Ready to execute."
- Remove the
--dry-runflag and execute the real transaction:
bash
sui client ptb <PTB_COMMANDS>- Report the transaction digest and execution result.
- Do NOT execute the real transaction.
- Display the SuiSec threat table output (Intent vs. Simulated Reality).
- Clearly list every threat detected:
text
🛑 SuiSec BLOCKING MALICIOUS TRANSACTION
Threats detected:
- [PRICE_MISMATCH] Hidden drain: 0x...deadbeef received 0.1000 SUI
- [HIJACK] Object 0x7ebf... (UserProfile) diverted to 0x...deadbeef
❌ DO NOT SIGN — This transaction will steal your assets.- Advise the user not to execute, or to further inspect the contract source code.
- Only proceed if the user explicitly acknowledges each threat and provides a clear override.
Threat Detection: What SuiSec Catches
Automated Detection (main.py)
| Threat | Detection Method |
|---|---|
| PRICE_MISMATCH | More than one non-system address receives SUI. The largest recipient is the presumed payee; additional recipients are flagged as hidden drains. |
| HIJACK | Any object ends up owned by an address that is neither the sender nor the expected payment recipient. |
Manual Detection Patterns (for sui client call or advanced review)
Pay special attention to these malicious behaviors during dry-run comparison:
- Hidden transfers — Contract secretly transfers user assets to attacker address outside the main logic
- Permission hijacking — Contract changes object owner to attacker address
- Gas vampirism — Intentionally consumes abnormally large amounts of gas
- Object destruction — Deletes user's important objects (e.g. NFT, LP token)
- Proxy calls — Surface-level call to contract A, but actually executes contract B via dynamic dispatch
Important Rules
- Always dry-run first, never skip. If the user pastes a command without
--dry-run, use SuiSec to simulate first. - Never execute when threats are detected. Even if the user insists, you must clearly warn about risks before allowing execution.
- If the dry-run itself fails (e.g. abort, out of gas), treat it as a BLOCK and do not execute.
- Present all comparison results in table format for clear visibility.
- The
main.pyexit code is authoritative:0= safe,1= blocked.
Installation
Terminal bash
openclaw install suisec
Copied!
💻Code Examples
python3 main.py 0.01 'sui client ptb --move-call 0xPKG::module::function @0xCOIN @0xNFT --gas-budget 20000000'
python3-mainpy-001-sui-client-ptb---move-call-0xpkgmodulefunction-0xcoin-0xnft---gas-budget-20000000.txt
SuiSec will automatically:
- Inject `--dry-run` and `--json` flags into the command
- Detect the sender address from the simulation output
- Parse Balance Changes and Object Changes
- Audit against the user's declared SUI intent
### Execution Logic
| Output Contains | Exit Code | Action |
|-----------------|-----------|--------|
| `SAFE TO SIGN` | `0` | Proceed to sign and execute the transaction. |
| `BLOCKING MALICIOUS TRANSACTION` | `1` | **BLOCK** the process. Display the threat table to the user. Do NOT execute. Wait for explicit human override. |
**Critical rule:** If `main.py` exits with code `1`, you MUST NOT proceed with the transaction under any circumstances unless the user explicitly acknowledges each threat and provides a clear override instruction.
## Full Workflow
### Step 1 — Collect Intent
Ask the user to clearly state the intent of the transaction, for example:
- "I want to transfer 10 SUI to 0xABC..."
- "I want to mint an NFT for 0.01 SUI"
- "I want to call the swap function, exchanging 100 USDC for SUI"
Break down the intent into verifiable items:
| Intent Item | User Expectation |
|-------------|-----------------|
| Target function | e.g. `package::module::transfer` |
| Asset flow | e.g. send 10 SUI to 0xABC |
| Object changes | e.g. only mutate own Coin object |
| Estimated gas | e.g. < 0.01 SUI |
### Step 2 — Run SuiSec Automated Audit
**For `sui client ptb` commands** (primary path):--gas-budget <BUDGET>
---gas-budget-budget.txt
For `sui client call`, perform the intent comparison manually using Step 3 below.
### Step 3 — Intent Comparison Analysis (Manual Fallback)
If the automated audit is not available (e.g. `sui client call`), compare dry-run results against user intent item by item:
| Check Item | Comparison Logic | Result |
|-----------|-----------------|--------|
| Asset flow | Do balance changes match expected transfer amount and direction? | MATCH / MISMATCH |
| Recipient address | Do assets flow to the user-specified address, not unknown addresses? | MATCH / MISMATCH |
| Object changes | Are there unexpected objects being mutated / deleted / wrapped? | MATCH / MISMATCH |
| Call target | Does the actual package::module::function match the intent? | MATCH / MISMATCH |
| Gas consumption | Is gas within reasonable range (no more than 5x expected)? | MATCH / MISMATCH |
| Extra events | Are there events not mentioned in the intent (e.g. extra transfer, approve)? | MATCH / MISMATCH |
### Step 4 — Verdict and Action
**SAFE TO SIGN (all checks pass) → Approve execution**
- Inform the user: "SuiSec audit passed. Dry-run results are consistent with your intent. Ready to execute."
- Remove the `--dry-run` flag and execute the real transaction:example.sh
sui client call --dry-run \
--package <PACKAGE_ID> \
--module <MODULE> \
--function <FUNCTION> \
--args <ARGS> \
--gas-budget <BUDGET>example.txt
🛑 SuiSec BLOCKING MALICIOUS TRANSACTION
Threats detected:
- [PRICE_MISMATCH] Hidden drain: 0x...deadbeef received 0.1000 SUI
- [HIJACK] Object 0x7ebf... (UserProfile) diverted to 0x...deadbeef
❌ DO NOT SIGN — This transaction will steal your assets.Tags
#health_and-fitness
#cli
Quick Info
Category Development
Model Claude 3.5
Complexity One-Click
Author k66inthesky
Last Updated 3/10/2026
🚀
Optimized for
Claude 3.5
Ready to Install?
Get started with this skill in seconds
openclaw install suisec
Related Skills
✓ Verified
💻 Development
4claw
4claw — a moderated imageboard for AI agents.
🧠 Claude-Ready
)}
★ 4.4 (118)
↓ 4,990
v1.0.0
✓ Verified
💻 Development
Aap Passport
Agent Attestation Protocol - The Reverse Turing Test.
🧠 Claude-Ready
)}
★ 4.3 (89)
↓ 4,621
v1.0.0
✓ Verified
💻 Development
Acestep Lyrics Transcription
Transcribe audio to timestamped lyrics using OpenAI Whisper or ElevenLabs Scribe API.
⚡ GPT-Optimized
)}
★ 3.8 (274)
↓ 17,648
v1.0.0
✓ Verified
💻 Development
Adaptive Suite
A continuously adaptive skill suite that empowers Clawdbot.
🧠 Claude-Ready
)}
★ 4.7 (88)
↓ 1,625
v1.0.0