shll-skills 5.1.0 → 5.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/SKILL.md CHANGED
@@ -270,6 +270,19 @@ Step 2: Call SHLL execute_calldata(token_id, target, data, value) → PolicyGuar
270
270
 
271
271
  For multi-step transactions (e.g. approve + swap), use `execute_calldata_batch` to execute atomically.
272
272
 
273
+ ⚠️ **CRITICAL SECURITY: Verify Recipient Address**
274
+
275
+ Before executing calldata from an external source, you **MUST verify** that any `recipient`, `to`, or `receiver` address embedded in the calldata matches the agent's vault address. Use the `portfolio` tool to get the vault address first.
276
+
277
+ **Why:** A compromised or malicious API could return valid-looking swap calldata but with the recipient set to an attacker's address. PolicyGuard validates the target contract and spending limits, but does NOT parse internal calldata fields like `recipient`.
278
+
279
+ ```
280
+ Step 0: portfolio(token_id) → get vault address
281
+ Step 1: Get calldata from OKX/Bitget/1inch
282
+ Step 2: Verify that 'recipient' in calldata == vault address
283
+ Step 3: execute_calldata(token_id, target, data, value)
284
+ ```
285
+
273
286
  ---
274
287
 
275
288
  ## LINKS
package/dist/mcp.js CHANGED
@@ -1316,11 +1316,11 @@ server.tool(
1316
1316
  );
1317
1317
  server.tool(
1318
1318
  "execute_calldata",
1319
- "Execute raw calldata through PolicyGuard safety layer. Use this to execute transactions from other DeFi skills (OKX DEX API, Bitget, 1inch, etc.) with SHLL on-chain policy enforcement. All actions are validated against spending limits, cooldowns, and whitelists before execution.",
1319
+ "Execute raw calldata through PolicyGuard safety layer. Use this to execute transactions from other DeFi skills (OKX DEX API, Bitget, 1inch, etc.) with SHLL on-chain policy enforcement. IMPORTANT: Before calling, verify that any 'recipient' or 'to' address embedded in the calldata matches the agent's vault address (use the 'portfolio' tool to check). This prevents funds from being routed to an unintended address.",
1320
1320
  {
1321
1321
  token_id: import_zod.z.string().describe("Agent NFA Token ID"),
1322
- target: import_zod.z.string().describe("Target contract address (0x...)"),
1323
- data: import_zod.z.string().describe("Transaction calldata hex string"),
1322
+ target: import_zod.z.string().regex(/^0x[0-9a-fA-F]{40}$/, "Must be a valid Ethereum address").describe("Target contract address (0x...)"),
1323
+ data: import_zod.z.string().regex(/^0x[0-9a-fA-F]*$/, "Must be a valid hex string starting with 0x").describe("Transaction calldata hex string"),
1324
1324
  value: import_zod.z.string().default("0").describe("Native BNB value in wei (default: 0)")
1325
1325
  },
1326
1326
  async ({ token_id, target, data, value }) => {
@@ -1363,8 +1363,8 @@ server.tool(
1363
1363
  {
1364
1364
  token_id: import_zod.z.string().describe("Agent NFA Token ID"),
1365
1365
  actions: import_zod.z.array(import_zod.z.object({
1366
- target: import_zod.z.string().describe("Target contract address"),
1367
- data: import_zod.z.string().describe("Calldata hex"),
1366
+ target: import_zod.z.string().regex(/^0x[0-9a-fA-F]{40}$/, "Must be a valid Ethereum address").describe("Target contract address"),
1367
+ data: import_zod.z.string().regex(/^0x[0-9a-fA-F]*$/, "Must be valid hex").describe("Calldata hex"),
1368
1368
  value: import_zod.z.string().default("0").describe("BNB value in wei")
1369
1369
  })).describe("Array of actions to execute atomically")
1370
1370
  },
package/dist/mcp.mjs CHANGED
@@ -827,11 +827,11 @@ server.tool(
827
827
  );
828
828
  server.tool(
829
829
  "execute_calldata",
830
- "Execute raw calldata through PolicyGuard safety layer. Use this to execute transactions from other DeFi skills (OKX DEX API, Bitget, 1inch, etc.) with SHLL on-chain policy enforcement. All actions are validated against spending limits, cooldowns, and whitelists before execution.",
830
+ "Execute raw calldata through PolicyGuard safety layer. Use this to execute transactions from other DeFi skills (OKX DEX API, Bitget, 1inch, etc.) with SHLL on-chain policy enforcement. IMPORTANT: Before calling, verify that any 'recipient' or 'to' address embedded in the calldata matches the agent's vault address (use the 'portfolio' tool to check). This prevents funds from being routed to an unintended address.",
831
831
  {
832
832
  token_id: z.string().describe("Agent NFA Token ID"),
833
- target: z.string().describe("Target contract address (0x...)"),
834
- data: z.string().describe("Transaction calldata hex string"),
833
+ target: z.string().regex(/^0x[0-9a-fA-F]{40}$/, "Must be a valid Ethereum address").describe("Target contract address (0x...)"),
834
+ data: z.string().regex(/^0x[0-9a-fA-F]*$/, "Must be a valid hex string starting with 0x").describe("Transaction calldata hex string"),
835
835
  value: z.string().default("0").describe("Native BNB value in wei (default: 0)")
836
836
  },
837
837
  async ({ token_id, target, data, value }) => {
@@ -874,8 +874,8 @@ server.tool(
874
874
  {
875
875
  token_id: z.string().describe("Agent NFA Token ID"),
876
876
  actions: z.array(z.object({
877
- target: z.string().describe("Target contract address"),
878
- data: z.string().describe("Calldata hex"),
877
+ target: z.string().regex(/^0x[0-9a-fA-F]{40}$/, "Must be a valid Ethereum address").describe("Target contract address"),
878
+ data: z.string().regex(/^0x[0-9a-fA-F]*$/, "Must be valid hex").describe("Calldata hex"),
879
879
  value: z.string().default("0").describe("BNB value in wei")
880
880
  })).describe("Array of actions to execute atomically")
881
881
  },
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "shll-skills",
3
- "version": "5.1.0",
3
+ "version": "5.1.1",
4
4
  "description": "SHLL DeFi Agent — CLI + MCP Server for BSC",
5
5
  "main": "dist/index.js",
6
6
  "bin": {
package/src/mcp.ts CHANGED
@@ -973,11 +973,11 @@ server.tool(
973
973
  // (OKX DEX API, Bitget, 1inch, etc.) and routes through PolicyGuard
974
974
  server.tool(
975
975
  "execute_calldata",
976
- "Execute raw calldata through PolicyGuard safety layer. Use this to execute transactions from other DeFi skills (OKX DEX API, Bitget, 1inch, etc.) with SHLL on-chain policy enforcement. All actions are validated against spending limits, cooldowns, and whitelists before execution.",
976
+ "Execute raw calldata through PolicyGuard safety layer. Use this to execute transactions from other DeFi skills (OKX DEX API, Bitget, 1inch, etc.) with SHLL on-chain policy enforcement. IMPORTANT: Before calling, verify that any 'recipient' or 'to' address embedded in the calldata matches the agent's vault address (use the 'portfolio' tool to check). This prevents funds from being routed to an unintended address.",
977
977
  {
978
978
  token_id: z.string().describe("Agent NFA Token ID"),
979
- target: z.string().describe("Target contract address (0x...)"),
980
- data: z.string().describe("Transaction calldata hex string"),
979
+ target: z.string().regex(/^0x[0-9a-fA-F]{40}$/, "Must be a valid Ethereum address").describe("Target contract address (0x...)"),
980
+ data: z.string().regex(/^0x[0-9a-fA-F]*$/, "Must be a valid hex string starting with 0x").describe("Transaction calldata hex string"),
981
981
  value: z.string().default("0").describe("Native BNB value in wei (default: 0)"),
982
982
  },
983
983
  async ({ token_id, target, data, value }) => {
@@ -1023,8 +1023,8 @@ server.tool(
1023
1023
  {
1024
1024
  token_id: z.string().describe("Agent NFA Token ID"),
1025
1025
  actions: z.array(z.object({
1026
- target: z.string().describe("Target contract address"),
1027
- data: z.string().describe("Calldata hex"),
1026
+ target: z.string().regex(/^0x[0-9a-fA-F]{40}$/, "Must be a valid Ethereum address").describe("Target contract address"),
1027
+ data: z.string().regex(/^0x[0-9a-fA-F]*$/, "Must be valid hex").describe("Calldata hex"),
1028
1028
  value: z.string().default("0").describe("BNB value in wei"),
1029
1029
  })).describe("Array of actions to execute atomically"),
1030
1030
  },