Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub · AI
🦒 Giraffe Guard — 长颈鹿卫士
Scan OpenClaw skill directories for 22 supply chain attack patterns with context-aware detection, colored output, JSON reports, and whitelist support.
skill openclawclawhub Free
Scan OpenClaw skill directories for 22 supply chain attack patterns with context-aware detection, colored output, JSON reports, and whitelist support.
⬇ 0 downloads ★ 0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- README.md, SKILL.md, scripts/ast_analyzer.py, scripts/audit.sh, whitelist.example.txt
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 3.1.0
Provenance
- Publisher
- lida408
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
🦒 Giraffe Guard — 长颈鹿卫士
Scan OpenClaw skill directories for supply chain attacks and malicious code. 扫描 OpenClaw skill 目录,检测潜在的供应链投毒和恶意代码。
Features / 功能
22 security detection rules covering the full supply chain attack surface / 22 条检测规则,覆盖供应链攻击全链路 Context-aware: distinguishes documentation from executable code, reducing false positives / 上下文感知:区分文档描述和实际可执行代码,降低误报 Colored terminal output + JSON report output / 彩色终端输出 + JSON 格式报告 --verbose mode shows matching line context / --verbose 模式显示匹配行上下文 --skip-dir to exclude directories / --skip-dir 跳过指定目录 Whitelist support / 白名单机制 Compatible with macOS and Linux, zero external dependencies / 兼容 macOS 和 Linux,零外部依赖
Scan a skill directory / 扫描目录
{baseDir}/scripts/audit.sh /path/to/skills
Verbose mode / 详细模式
{baseDir}/scripts/audit.sh --verbose /path/to/skills
JSON report / JSON 报告
{baseDir}/scripts/audit.sh --json /path/to/skills
With whitelist / 使用白名单
{baseDir}/scripts/audit.sh --whitelist whitelist.txt /path/to/skills
Skip directories / 跳过目录
{baseDir}/scripts/audit.sh --skip-dir node_modules --skip-dir vendor /path/to/skills
Combined / 组合使用
{baseDir}/scripts/audit.sh --verbose --context 3 --whitelist whitelist.txt --skip-dir node_modules /path/to/skills
🔴 Critical / 严重级别
#RuleEN中文1pipe-executionPipe execution (curl/wget to bash)管道执行2base64-decode-pipeBase64 decoded and pipedBase64 解码管道执行3security-bypassmacOS Gatekeeper/SIP bypass安全机制绕过5tor-onion-addressTor hidden service暗网地址5reverse-shellReverse shell patterns反向 shell7file-type-disguiseBinary disguised as text文件类型伪装8ssh-key-exfiltrationSSH key theftSSH 密钥窃取8cloud-credential-accessCloud credential access云凭证访问8env-exfiltrationEnv vars sent over network环境变量外传9anti-sandboxAnti-debug/anti-sandbox反沙盒/反调试10covert-downloaderOne-liner downloaders单行下载器11persistence-launchagentmacOS LaunchAgent持久化13string-concat-bypassString concatenation bypass字符串拼接绕过15env-file-leak.env with real secrets.env 密钥泄露16typosquat-npm/pipTyposquatting packages包名仿冒17malicious-postinstallMalicious lifecycle scripts恶意生命周期脚本18git-hooksActive git hooks活跃 git hooks19sensitive-file-leakPrivate keys/credentials私钥/凭证泄露20skillmd-prompt-injectionPrompt injection in SKILL.mdSKILL.md prompt 注入21dockerfile-privilegedDocker privileged modeDocker 特权模式22zero-width-charsZero-width Unicode chars零宽 Unicode 字符
🟡 Warning / 警告级别
#RuleEN中文2long-base64-stringLong Base64 strings超长 Base64 字符串4dangerous-permissionsDangerous permissions危险权限修改5suspicious-network-ipNon-local IP connections非本地 IP 直连5netcat-listenerNetcat listenersnetcat 监听6covert-exec-evalSuspicious eval() (JS/TS)可疑 eval 调用6covert-exec-pythonos.system/subprocess in .pyPython 危险调用11cron-injectionCron/launchctl injection定时任务注入12hidden-executableHidden executable files隐藏可执行文件13hex/unicode-obfuscationHex/Unicode obfuscationhex/Unicode 混淆14symlink-sensitiveSymlinks to sensitive paths敏感符号链接16custom-registryNon-official registries非官方包源20skillmd-privilege-escalationPrivilege escalation权限提升21dockerfile-sensitive-mountSensitive mounts敏感目录挂载21dockerfile-host-networkHost network mode主机网络模式
Exit Codes / 退出码
0 — ✅ Clean / 安全 1 — 🟡 Warnings / 有警告 2 — 🔴 Critical / 有严重发现
Dependencies / 依赖
No external dependencies. Uses: bash, grep, sed, find, file, awk, readlink, perl 零外部依赖,仅使用系统自带工具。
Category context
Agent frameworks, memory systems, reasoning layers, and model-native orchestration.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
2 Docs2 Scripts1 Files
- SKILL.md
- README.md
- scripts/ast_analyzer.py
- scripts/audit.sh
- whitelist.example.txt