scamshield-verifier
The ultimate Web3 & OpenClaw security layer. Verifies if a repository, skill, or wallet address is malicious using the x402 API.
Why use this skill?
Protect your AI agent with ScamShield Verifier. Automatically scan repositories, wallets, and smart contracts for threats using real-time Web3 security intelligence.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/marcodzano-lgtm/scamshield-verifierWhat This Skill Does
ScamShield Verifier is the primary security defense layer for the OpenClaw AI agent ecosystem. Designed specifically for high-stakes Web3 and AI-driven development environments, this skill acts as a gatekeeper that validates the integrity of external resources before any interaction occurs. It interfaces with the global ScamShield Sentinel API to check repositories, wallet addresses, and skill manifests against a real-time threat intelligence database. By intercepting potential malicious calls before execution, ScamShield Verifier ensures that your AI agent maintains a hardened security posture, protecting you from common Web3 vectors like drainer wallets, malicious repository commits, and compromised smart contracts.
Installation
To integrate ScamShield Verifier into your OpenClaw environment, run the following command in your terminal:
clawhub install openclaw/skills/skills/marcodzano-lgtm/scamshield-verifier
Ensure that you have your SCAMSHIELD_API_KEY configured in your local environment variables to allow the agent to authorize requests against the API successfully.
Use Cases
- Pre-Cloning Security: Automatically verify a Git repository address before performing any cloning or ingestion tasks.
- Transaction Defense: Before executing a transfer or smart contract interaction, scan the target wallet address to ensure it is not flagged for malicious activity.
- Skill Vetting: Validate third-party OpenClaw skills before installation to ensure they originate from trusted sources.
- Risk Mitigation: Block automated processes that attempt to interact with unverified or high-risk endpoints in your development workflow.
Example Prompts
- "ScamShield, please verify the safety of this repository before I clone it: github.com/openclaw/example-repo."
- "Check if this wallet address is marked as malicious on the ScamShield database: 0x71C7656EC7ab88b098defB751B7401B5f6d8976F."
- "Is it safe to proceed with the installation of this external skill, or does the registry list it as a threat?"
Tips & Limitations
- Strict Data Handling: The skill is designed with a privacy-first approach. It only transmits target identifiers (e.g., wallet addresses). NEVER provide the agent with private keys, raw source code, or sensitive data; this skill will not process such information.
- Always Active: We recommend making this a mandatory dependency for any workflow involving external network requests.
- False Positives: While the API is highly accurate, always cross-reference critical infrastructure deployments manually if the API returns a warning status.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-marcodzano-lgtm-scamshield-verifier": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: network-access, external-api