{ "schemaVersion": "1.0", "item": { "slug": "giraffe-guard", "name": "🦒 Giraffe Guard — 长颈鹿卫士", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/lida408/giraffe-guard", "canonicalUrl": "https://clawhub.ai/lida408/giraffe-guard", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/giraffe-guard", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=giraffe-guard", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "README.md", "SKILL.md", "scripts/ast_analyzer.py", "scripts/audit.sh", "whitelist.example.txt" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/giraffe-guard" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/giraffe-guard", "agentPageUrl": "https://openagent3.xyz/skills/giraffe-guard/agent", "manifestUrl": "https://openagent3.xyz/skills/giraffe-guard/agent.json", "briefUrl": "https://openagent3.xyz/skills/giraffe-guard/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "🦒 Giraffe Guard — 长颈鹿卫士", "body": "Scan OpenClaw skill directories for supply chain attacks and malicious code.\n扫描 OpenClaw skill 目录,检测潜在的供应链投毒和恶意代码。" }, { "title": "Features / 功能", "body": "22 security detection rules covering the full supply chain attack surface / 22 条检测规则,覆盖供应链攻击全链路\nContext-aware: distinguishes documentation from executable code, reducing false positives / 上下文感知:区分文档描述和实际可执行代码,降低误报\nColored terminal output + JSON report output / 彩色终端输出 + JSON 格式报告\n--verbose mode shows matching line context / --verbose 模式显示匹配行上下文\n--skip-dir to exclude directories / --skip-dir 跳过指定目录\nWhitelist support / 白名单机制\nCompatible with macOS and Linux, zero external dependencies / 兼容 macOS 和 Linux,零外部依赖" }, { "title": "Scan a skill directory / 扫描目录", "body": "{baseDir}/scripts/audit.sh /path/to/skills" }, { "title": "Verbose mode / 详细模式", "body": "{baseDir}/scripts/audit.sh --verbose /path/to/skills" }, { "title": "JSON report / JSON 报告", "body": "{baseDir}/scripts/audit.sh --json /path/to/skills" }, { "title": "With whitelist / 使用白名单", "body": "{baseDir}/scripts/audit.sh --whitelist whitelist.txt /path/to/skills" }, { "title": "Skip directories / 跳过目录", "body": "{baseDir}/scripts/audit.sh --skip-dir node_modules --skip-dir vendor /path/to/skills" }, { "title": "Combined / 组合使用", "body": "{baseDir}/scripts/audit.sh --verbose --context 3 --whitelist whitelist.txt --skip-dir node_modules /path/to/skills" }, { "title": "🔴 Critical / 严重级别", "body": "#RuleEN中文1pipe-executionPipe execution (curl/wget to bash)管道执行2base64-decode-pipeBase64 decoded and pipedBase64 解码管道执行3security-bypassmacOS Gatekeeper/SIP bypass安全机制绕过5tor-onion-addressTor hidden service暗网地址5reverse-shellReverse shell patterns反向 shell7file-type-disguiseBinary disguised as text文件类型伪装8ssh-key-exfiltrationSSH key theftSSH 密钥窃取8cloud-credential-accessCloud credential access云凭证访问8env-exfiltrationEnv vars sent over network环境变量外传9anti-sandboxAnti-debug/anti-sandbox反沙盒/反调试10covert-downloaderOne-liner downloaders单行下载器11persistence-launchagentmacOS LaunchAgent持久化13string-concat-bypassString concatenation bypass字符串拼接绕过15env-file-leak.env with real secrets.env 密钥泄露16typosquat-npm/pipTyposquatting packages包名仿冒17malicious-postinstallMalicious lifecycle scripts恶意生命周期脚本18git-hooksActive git hooks活跃 git hooks19sensitive-file-leakPrivate keys/credentials私钥/凭证泄露20skillmd-prompt-injectionPrompt injection in SKILL.mdSKILL.md prompt 注入21dockerfile-privilegedDocker privileged modeDocker 特权模式22zero-width-charsZero-width Unicode chars零宽 Unicode 字符" }, { "title": "🟡 Warning / 警告级别", "body": "#RuleEN中文2long-base64-stringLong Base64 strings超长 Base64 字符串4dangerous-permissionsDangerous permissions危险权限修改5suspicious-network-ipNon-local IP connections非本地 IP 直连5netcat-listenerNetcat listenersnetcat 监听6covert-exec-evalSuspicious eval() (JS/TS)可疑 eval 调用6covert-exec-pythonos.system/subprocess in .pyPython 危险调用11cron-injectionCron/launchctl injection定时任务注入12hidden-executableHidden executable files隐藏可执行文件13hex/unicode-obfuscationHex/Unicode obfuscationhex/Unicode 混淆14symlink-sensitiveSymlinks to sensitive paths敏感符号链接16custom-registryNon-official registries非官方包源20skillmd-privilege-escalationPrivilege escalation权限提升21dockerfile-sensitive-mountSensitive mounts敏感目录挂载21dockerfile-host-networkHost network mode主机网络模式" }, { "title": "Exit Codes / 退出码", "body": "0 — ✅ Clean / 安全\n1 — 🟡 Warnings / 有警告\n2 — 🔴 Critical / 有严重发现" }, { "title": "Dependencies / 依赖", "body": "No external dependencies. Uses: bash, grep, sed, find, file, awk, readlink, perl\n零外部依赖,仅使用系统自带工具。" } ], "body": "🦒 Giraffe Guard — 长颈鹿卫士\n\nScan OpenClaw skill directories for supply chain attacks and malicious code. 扫描 OpenClaw skill 目录,检测潜在的供应链投毒和恶意代码。\n\nFeatures / 功能\n22 security detection rules covering the full supply chain attack surface / 22 条检测规则,覆盖供应链攻击全链路\nContext-aware: distinguishes documentation from executable code, reducing false positives / 上下文感知:区分文档描述和实际可执行代码,降低误报\nColored terminal output + JSON report output / 彩色终端输出 + JSON 格式报告\n--verbose mode shows matching line context / --verbose 模式显示匹配行上下文\n--skip-dir to exclude directories / --skip-dir 跳过指定目录\nWhitelist support / 白名单机制\nCompatible with macOS and Linux, zero external dependencies / 兼容 macOS 和 Linux,零外部依赖\nUsage / 使用方法\nScan a skill directory / 扫描目录\n{baseDir}/scripts/audit.sh /path/to/skills\n\nVerbose mode / 详细模式\n{baseDir}/scripts/audit.sh --verbose /path/to/skills\n\nJSON report / JSON 报告\n{baseDir}/scripts/audit.sh --json /path/to/skills\n\nWith whitelist / 使用白名单\n{baseDir}/scripts/audit.sh --whitelist whitelist.txt /path/to/skills\n\nSkip directories / 跳过目录\n{baseDir}/scripts/audit.sh --skip-dir node_modules --skip-dir vendor /path/to/skills\n\nCombined / 组合使用\n{baseDir}/scripts/audit.sh --verbose --context 3 --whitelist whitelist.txt --skip-dir node_modules /path/to/skills\n\nDetection Rules (22) / 检测规则\n🔴 Critical / 严重级别\n#\tRule\tEN\t中文\n1\tpipe-execution\tPipe execution (curl/wget to bash)\t管道执行\n2\tbase64-decode-pipe\tBase64 decoded and piped\tBase64 解码管道执行\n3\tsecurity-bypass\tmacOS Gatekeeper/SIP bypass\t安全机制绕过\n5\ttor-onion-address\tTor hidden service\t暗网地址\n5\treverse-shell\tReverse shell patterns\t反向 shell\n7\tfile-type-disguise\tBinary disguised as text\t文件类型伪装\n8\tssh-key-exfiltration\tSSH key theft\tSSH 密钥窃取\n8\tcloud-credential-access\tCloud credential access\t云凭证访问\n8\tenv-exfiltration\tEnv vars sent over network\t环境变量外传\n9\tanti-sandbox\tAnti-debug/anti-sandbox\t反沙盒/反调试\n10\tcovert-downloader\tOne-liner downloaders\t单行下载器\n11\tpersistence-launchagent\tmacOS LaunchAgent\t持久化\n13\tstring-concat-bypass\tString concatenation bypass\t字符串拼接绕过\n15\tenv-file-leak\t.env with real secrets\t.env 密钥泄露\n16\ttyposquat-npm/pip\tTyposquatting packages\t包名仿冒\n17\tmalicious-postinstall\tMalicious lifecycle scripts\t恶意生命周期脚本\n18\tgit-hooks\tActive git hooks\t活跃 git hooks\n19\tsensitive-file-leak\tPrivate keys/credentials\t私钥/凭证泄露\n20\tskillmd-prompt-injection\tPrompt injection in SKILL.md\tSKILL.md prompt 注入\n21\tdockerfile-privileged\tDocker privileged mode\tDocker 特权模式\n22\tzero-width-chars\tZero-width Unicode chars\t零宽 Unicode 字符\n🟡 Warning / 警告级别\n#\tRule\tEN\t中文\n2\tlong-base64-string\tLong Base64 strings\t超长 Base64 字符串\n4\tdangerous-permissions\tDangerous permissions\t危险权限修改\n5\tsuspicious-network-ip\tNon-local IP connections\t非本地 IP 直连\n5\tnetcat-listener\tNetcat listeners\tnetcat 监听\n6\tcovert-exec-eval\tSuspicious eval() (JS/TS)\t可疑 eval 调用\n6\tcovert-exec-python\tos.system/subprocess in .py\tPython 危险调用\n11\tcron-injection\tCron/launchctl injection\t定时任务注入\n12\thidden-executable\tHidden executable files\t隐藏可执行文件\n13\thex/unicode-obfuscation\tHex/Unicode obfuscation\thex/Unicode 混淆\n14\tsymlink-sensitive\tSymlinks to sensitive paths\t敏感符号链接\n16\tcustom-registry\tNon-official registries\t非官方包源\n20\tskillmd-privilege-escalation\tPrivilege escalation\t权限提升\n21\tdockerfile-sensitive-mount\tSensitive mounts\t敏感目录挂载\n21\tdockerfile-host-network\tHost network mode\t主机网络模式\nExit Codes / 退出码\n0 — ✅ Clean / 安全\n1 — 🟡 Warnings / 有警告\n2 — 🔴 Critical / 有严重发现\nDependencies / 依赖\n\nNo external dependencies. Uses: bash, grep, sed, find, file, awk, readlink, perl 零外部依赖,仅使用系统自带工具。" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/lida408/giraffe-guard", "publisherUrl": "https://clawhub.ai/lida408/giraffe-guard", "owner": "lida408", "version": "3.1.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/giraffe-guard", "downloadUrl": "https://openagent3.xyz/downloads/giraffe-guard", "agentUrl": "https://openagent3.xyz/skills/giraffe-guard/agent", "manifestUrl": "https://openagent3.xyz/skills/giraffe-guard/agent.json", "briefUrl": "https://openagent3.xyz/skills/giraffe-guard/agent.md" } }