shll-skills 6.0.3 → 6.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/SKILL.md +86 -2
- package/dist/{chunk-TH3ENDDM.mjs → chunk-IKVUDAK6.mjs} +5 -2
- package/dist/index.js +5 -2
- package/dist/index.mjs +1 -1
- package/dist/mcp.js +4 -1
- package/dist/mcp.mjs +1 -1
- package/package.json +1 -1
package/SKILL.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: shll-run
|
|
3
3
|
description: Execute DeFi transactions on BSC via SHLL AgentNFA. The AI handles all commands and users only need to chat.
|
|
4
|
-
version: 6.0.
|
|
4
|
+
version: 6.0.4
|
|
5
5
|
author: SHLL Team
|
|
6
6
|
website: https://shll.run
|
|
7
7
|
twitter: https://twitter.com/shllrun
|
|
@@ -31,6 +31,90 @@ credentials:
|
|
|
31
31
|
The operator wallet is NOT the owner wallet, NOT the vault, NOT the Agent NFT holder.
|
|
32
32
|
---
|
|
33
33
|
|
|
34
|
+
# SHLL — Contract-Enforced Safe Execution for AI Agents on BNB Chain
|
|
35
|
+
|
|
36
|
+
## What is SHLL?
|
|
37
|
+
|
|
38
|
+
SHLL is a DeFi execution layer for AI agents on BNB Chain with **on-chain safety enforcement**.
|
|
39
|
+
Unlike off-chain filters that can be bypassed, SHLL uses smart contracts to enforce
|
|
40
|
+
spending limits, trade intervals, protocol whitelists, and receiver restrictions.
|
|
41
|
+
Every AI agent action is validated by an immutable PolicyGuard contract before execution.
|
|
42
|
+
|
|
43
|
+
Key facts:
|
|
44
|
+
- Network: BSC mainnet
|
|
45
|
+
- 27 CLI + MCP tools for DeFi operations (swap, lend, meme trading, portfolio)
|
|
46
|
+
- Supports PancakeSwap V2/V3, Venus Protocol, Four.meme
|
|
47
|
+
- MCP Server compatible with Claude, Cursor, OpenClaw, and any MCP-compatible agent
|
|
48
|
+
- npm package: `shll-skills` | Website: https://shll.run
|
|
49
|
+
|
|
50
|
+
## Security Architecture
|
|
51
|
+
|
|
52
|
+
```
|
|
53
|
+
┌─────────────────────────────────────────────────────────────────┐
|
|
54
|
+
│ SHLL Architecture │
|
|
55
|
+
│ │
|
|
56
|
+
│ ┌──────────┐ ┌───────────────┐ ┌──────────────────────┐ │
|
|
57
|
+
│ │ User │ │ AI Agent │ │ On-Chain Contracts │ │
|
|
58
|
+
│ │ (Owner) │ │ (Operator) │ │ │ │
|
|
59
|
+
│ │ │ │ │ │ ┌────────────────┐ │ │
|
|
60
|
+
│ │ • Holds │ │ • Executes │ │ │ PolicyGuard │ │ │
|
|
61
|
+
│ │ Agent │ │ trades via │ │ │ (Validator) │ │ │
|
|
62
|
+
│ │ NFT │ │ restricted │ │ │ │ │ │
|
|
63
|
+
│ │ • Sets │ │ permissions │ │ │ 4 Policy │ │ │
|
|
64
|
+
│ │ policy │ │ │ │ │ Checks: │ │ │
|
|
65
|
+
│ │ rules │───▶│ SHLL Skills │───▶│ │ │ │ │
|
|
66
|
+
│ │ • Full │ │ (CLI / MCP) │ │ │ 1.Spending │ │ │
|
|
67
|
+
│ │ asset │ │ │ │ │ Limit │ │ │
|
|
68
|
+
│ │ control │ │ Cannot: │ │ │ 2.Cooldown │ │ │
|
|
69
|
+
│ │ │ │ • Withdraw │ │ │ 3.DeFi Guard │ │ │
|
|
70
|
+
│ │ │ │ vault funds │ │ │ 4.Receiver │ │ │
|
|
71
|
+
│ │ │ │ • Change │ │ │ Guard │ │ │
|
|
72
|
+
│ │ │ │ policies │ │ └───────┬────────┘ │ │
|
|
73
|
+
│ │ │ │ • Transfer │ │ │ │ │
|
|
74
|
+
│ │ │ │ NFT │ │ ┌─────▼──────┐ │ │
|
|
75
|
+
│ │ │ │ │ │ │ Vault │ │ │
|
|
76
|
+
│ │ │ │ │ │ │ (Agent │ │ │
|
|
77
|
+
│ │ │ │ │ │ │ Account) │ │ │
|
|
78
|
+
│ │ │ │ │ │ │ │ │ │
|
|
79
|
+
│ │ │ │ │ │ │ Holds funds │ │ │
|
|
80
|
+
│ └──────────┘ └───────────────┘ │ └─────────────┘ │ │
|
|
81
|
+
│ └──────────────────────┘ │
|
|
82
|
+
│ Dual-Wallet Isolation: │
|
|
83
|
+
│ • Owner wallet = asset control (human) │
|
|
84
|
+
│ • Operator wallet = restricted execution (AI) │
|
|
85
|
+
│ • Even if operator key leaks, PolicyGuard still limits actions │
|
|
86
|
+
└─────────────────────────────────────────────────────────────────┘
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
## 4-Policy PolicyGuard Stack
|
|
90
|
+
|
|
91
|
+
All policies are enforced ON-CHAIN by smart contract. They cannot be bypassed by the AI.
|
|
92
|
+
|
|
93
|
+
| Policy | Contract | What It Does |
|
|
94
|
+
|--------|----------|-------------|
|
|
95
|
+
| SpendingLimitV2 | On-chain | Per-transaction and daily spending caps in BNB |
|
|
96
|
+
| CooldownPolicy | On-chain | Minimum time gap between consecutive trades |
|
|
97
|
+
| DeFiGuardV2 | On-chain | Whitelist of approved DeFi protocols and functions |
|
|
98
|
+
| ReceiverGuardV2 | On-chain | Only approved receiver addresses can receive funds |
|
|
99
|
+
|
|
100
|
+
When a policy rejects an action:
|
|
101
|
+
- The transaction is NOT executed
|
|
102
|
+
- The vault funds remain SAFE
|
|
103
|
+
- The rejection reason is returned from the smart contract
|
|
104
|
+
- The rejection is logged and auditable
|
|
105
|
+
- The `enforcement` field in the response is always `on-chain`
|
|
106
|
+
|
|
107
|
+
## Why On-Chain Enforcement Matters
|
|
108
|
+
|
|
109
|
+
Most AI agent platforms use off-chain safety filters:
|
|
110
|
+
- Off-chain: AI or backend decides → **can be bypassed** by prompt injection, API manipulation, or code bugs
|
|
111
|
+
- On-chain (SHLL): Smart contract decides → **cannot be bypassed** — the blockchain enforces the rules
|
|
112
|
+
|
|
113
|
+
PolicyGuard contract: `0x25d17eA0e3Bcb8CA08a2BFE917E817AFc05dbBB3`
|
|
114
|
+
Verify on BscScan: https://bscscan.com/address/0x25d17eA0e3Bcb8CA08a2BFE917E817AFc05dbBB3
|
|
115
|
+
|
|
116
|
+
---
|
|
117
|
+
|
|
34
118
|
# SHLL Skill Usage Guide
|
|
35
119
|
|
|
36
120
|
This file defines how an AI agent should use `shll-run` and `shll-mcp` safely.
|
|
@@ -68,7 +152,7 @@ On-chain guardrails:
|
|
|
68
152
|
- Spending limits, cooldowns, whitelist rules, and protocol rules are enforced on-chain.
|
|
69
153
|
- Raw calldata is blocked if the recipient cannot be decoded safely.
|
|
70
154
|
|
|
71
|
-
## Current Critical Constraints (v6.0.
|
|
155
|
+
## Current Critical Constraints (v6.0.4)
|
|
72
156
|
|
|
73
157
|
1. `init` command is disabled. Do not use it.
|
|
74
158
|
2. Raw calldata remains high risk; rely on strict recipient safety checks.
|
|
@@ -6,8 +6,8 @@ var MEV_PROTECTED_RPC = "https://bscrpc.pancakeswap.finance";
|
|
|
6
6
|
var DEFAULT_LISTING_MANAGER = "0x1f9CE85bD0FF75acc3D92eB79f1Eb472f0865071";
|
|
7
7
|
var DEFAULT_LISTING_ID = "0x64083b44e38db02749e6e16bf84ce6c19146cc42a108e53324e11f250b15a0b7";
|
|
8
8
|
var DEFAULT_INDEXER = "https://indexer-mainnet.shll.run";
|
|
9
|
-
var SKILL_VERSION = "6.0.
|
|
10
|
-
var BINDINGS_UPDATED_AT = "2026-03-
|
|
9
|
+
var SKILL_VERSION = "6.0.4";
|
|
10
|
+
var BINDINGS_UPDATED_AT = "2026-03-07";
|
|
11
11
|
var PANCAKE_V2_ROUTER = "0x10ED43C718714eb63d5aA57B78B54704E256024E";
|
|
12
12
|
var PANCAKE_V3_SMART_ROUTER = "0x13f4EA83D0bd40E75C8222255bc855a974568Dd4";
|
|
13
13
|
var V3_QUOTER = "0xB048Bbc1Ee6b733FFfCFb9e9CeF7375518e25997";
|
|
@@ -1239,6 +1239,9 @@ async function validateActionsOrThrow(policyClient, tokenId, actions) {
|
|
|
1239
1239
|
"POLICY_REJECTED",
|
|
1240
1240
|
"Policy rejected transaction",
|
|
1241
1241
|
{
|
|
1242
|
+
enforcement: "on-chain",
|
|
1243
|
+
policyGuardContract: DEFAULT_GUARD,
|
|
1244
|
+
verifyOnChain: `https://bscscan.com/address/${DEFAULT_GUARD}`,
|
|
1242
1245
|
failedActionIndex: index,
|
|
1243
1246
|
failedActionTarget: action.target,
|
|
1244
1247
|
failedActionSelector: getActionSelector(action),
|
package/dist/index.js
CHANGED
|
@@ -12,8 +12,8 @@ var MEV_PROTECTED_RPC = "https://bscrpc.pancakeswap.finance";
|
|
|
12
12
|
var DEFAULT_LISTING_MANAGER = "0x1f9CE85bD0FF75acc3D92eB79f1Eb472f0865071";
|
|
13
13
|
var DEFAULT_LISTING_ID = "0x64083b44e38db02749e6e16bf84ce6c19146cc42a108e53324e11f250b15a0b7";
|
|
14
14
|
var DEFAULT_INDEXER = "https://indexer-mainnet.shll.run";
|
|
15
|
-
var SKILL_VERSION = "6.0.
|
|
16
|
-
var BINDINGS_UPDATED_AT = "2026-03-
|
|
15
|
+
var SKILL_VERSION = "6.0.4";
|
|
16
|
+
var BINDINGS_UPDATED_AT = "2026-03-07";
|
|
17
17
|
var PANCAKE_V2_ROUTER = "0x10ED43C718714eb63d5aA57B78B54704E256024E";
|
|
18
18
|
var PANCAKE_V3_SMART_ROUTER = "0x13f4EA83D0bd40E75C8222255bc855a974568Dd4";
|
|
19
19
|
var V3_QUOTER = "0xB048Bbc1Ee6b733FFfCFb9e9CeF7375518e25997";
|
|
@@ -1260,6 +1260,9 @@ async function validateActionsOrThrow(policyClient, tokenId, actions) {
|
|
|
1260
1260
|
"POLICY_REJECTED",
|
|
1261
1261
|
"Policy rejected transaction",
|
|
1262
1262
|
{
|
|
1263
|
+
enforcement: "on-chain",
|
|
1264
|
+
policyGuardContract: DEFAULT_GUARD,
|
|
1265
|
+
verifyOnChain: `https://bscscan.com/address/${DEFAULT_GUARD}`,
|
|
1263
1266
|
failedActionIndex: index,
|
|
1264
1267
|
failedActionTarget: action.target,
|
|
1265
1268
|
failedActionSelector: getActionSelector(action),
|
package/dist/index.mjs
CHANGED
package/dist/mcp.js
CHANGED
|
@@ -12,7 +12,7 @@ var MEV_PROTECTED_RPC = "https://bscrpc.pancakeswap.finance";
|
|
|
12
12
|
var DEFAULT_LISTING_MANAGER = "0x1f9CE85bD0FF75acc3D92eB79f1Eb472f0865071";
|
|
13
13
|
var DEFAULT_LISTING_ID = "0x64083b44e38db02749e6e16bf84ce6c19146cc42a108e53324e11f250b15a0b7";
|
|
14
14
|
var DEFAULT_INDEXER = "https://indexer-mainnet.shll.run";
|
|
15
|
-
var SKILL_VERSION = "6.0.
|
|
15
|
+
var SKILL_VERSION = "6.0.4";
|
|
16
16
|
var PANCAKE_V2_ROUTER = "0x10ED43C718714eb63d5aA57B78B54704E256024E";
|
|
17
17
|
var PANCAKE_V3_SMART_ROUTER = "0x13f4EA83D0bd40E75C8222255bc855a974568Dd4";
|
|
18
18
|
var V3_QUOTER = "0xB048Bbc1Ee6b733FFfCFb9e9CeF7375518e25997";
|
|
@@ -1240,6 +1240,9 @@ async function validateActionsOrThrow(policyClient, tokenId, actions) {
|
|
|
1240
1240
|
"POLICY_REJECTED",
|
|
1241
1241
|
"Policy rejected transaction",
|
|
1242
1242
|
{
|
|
1243
|
+
enforcement: "on-chain",
|
|
1244
|
+
policyGuardContract: DEFAULT_GUARD,
|
|
1245
|
+
verifyOnChain: `https://bscscan.com/address/${DEFAULT_GUARD}`,
|
|
1243
1246
|
failedActionIndex: index,
|
|
1244
1247
|
failedActionTarget: action.target,
|
|
1245
1248
|
failedActionSelector: getActionSelector(action),
|
package/dist/mcp.mjs
CHANGED