# Send 🦒 Giraffe Guard — 长颈鹿卫士 to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "giraffe-guard",
    "name": "🦒 Giraffe Guard — 长颈鹿卫士",
    "source": "tencent",
    "type": "skill",
    "category": "AI 智能",
    "sourceUrl": "https://clawhub.ai/lida408/giraffe-guard",
    "canonicalUrl": "https://clawhub.ai/lida408/giraffe-guard",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/giraffe-guard",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=giraffe-guard",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "README.md",
      "SKILL.md",
      "scripts/ast_analyzer.py",
      "scripts/audit.sh",
      "whitelist.example.txt"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "giraffe-guard",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-05-05T09:40:27.847Z",
      "expiresAt": "2026-05-12T09:40:27.847Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=giraffe-guard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=giraffe-guard",
        "contentDisposition": "attachment; filename=\"giraffe-guard-3.1.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "giraffe-guard"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/giraffe-guard"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/giraffe-guard",
    "downloadUrl": "https://openagent3.xyz/downloads/giraffe-guard",
    "agentUrl": "https://openagent3.xyz/skills/giraffe-guard/agent",
    "manifestUrl": "https://openagent3.xyz/skills/giraffe-guard/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/giraffe-guard/agent.md"
  }
}
```
## Documentation

### 🦒 Giraffe Guard — 长颈鹿卫士

Scan OpenClaw skill directories for supply chain attacks and malicious code.
扫描 OpenClaw skill 目录，检测潜在的供应链投毒和恶意代码。

### Features / 功能

22 security detection rules covering the full supply chain attack surface / 22 条检测规则，覆盖供应链攻击全链路
Context-aware: distinguishes documentation from executable code, reducing false positives / 上下文感知：区分文档描述和实际可执行代码，降低误报
Colored terminal output + JSON report output / 彩色终端输出 + JSON 格式报告
--verbose mode shows matching line context / --verbose 模式显示匹配行上下文
--skip-dir to exclude directories / --skip-dir 跳过指定目录
Whitelist support / 白名单机制
Compatible with macOS and Linux, zero external dependencies / 兼容 macOS 和 Linux，零外部依赖

### Scan a skill directory / 扫描目录

{baseDir}/scripts/audit.sh /path/to/skills

### Verbose mode / 详细模式

{baseDir}/scripts/audit.sh --verbose /path/to/skills

### JSON report / JSON 报告

{baseDir}/scripts/audit.sh --json /path/to/skills

### With whitelist / 使用白名单

{baseDir}/scripts/audit.sh --whitelist whitelist.txt /path/to/skills

### Skip directories / 跳过目录

{baseDir}/scripts/audit.sh --skip-dir node_modules --skip-dir vendor /path/to/skills

### Combined / 组合使用

{baseDir}/scripts/audit.sh --verbose --context 3 --whitelist whitelist.txt --skip-dir node_modules /path/to/skills

### 🔴 Critical / 严重级别

#RuleEN中文1pipe-executionPipe execution (curl/wget to bash)管道执行2base64-decode-pipeBase64 decoded and pipedBase64 解码管道执行3security-bypassmacOS Gatekeeper/SIP bypass安全机制绕过5tor-onion-addressTor hidden service暗网地址5reverse-shellReverse shell patterns反向 shell7file-type-disguiseBinary disguised as text文件类型伪装8ssh-key-exfiltrationSSH key theftSSH 密钥窃取8cloud-credential-accessCloud credential access云凭证访问8env-exfiltrationEnv vars sent over network环境变量外传9anti-sandboxAnti-debug/anti-sandbox反沙盒/反调试10covert-downloaderOne-liner downloaders单行下载器11persistence-launchagentmacOS LaunchAgent持久化13string-concat-bypassString concatenation bypass字符串拼接绕过15env-file-leak.env with real secrets.env 密钥泄露16typosquat-npm/pipTyposquatting packages包名仿冒17malicious-postinstallMalicious lifecycle scripts恶意生命周期脚本18git-hooksActive git hooks活跃 git hooks19sensitive-file-leakPrivate keys/credentials私钥/凭证泄露20skillmd-prompt-injectionPrompt injection in SKILL.mdSKILL.md prompt 注入21dockerfile-privilegedDocker privileged modeDocker 特权模式22zero-width-charsZero-width Unicode chars零宽 Unicode 字符

### 🟡 Warning / 警告级别

#RuleEN中文2long-base64-stringLong Base64 strings超长 Base64 字符串4dangerous-permissionsDangerous permissions危险权限修改5suspicious-network-ipNon-local IP connections非本地 IP 直连5netcat-listenerNetcat listenersnetcat 监听6covert-exec-evalSuspicious eval() (JS/TS)可疑 eval 调用6covert-exec-pythonos.system/subprocess in .pyPython 危险调用11cron-injectionCron/launchctl injection定时任务注入12hidden-executableHidden executable files隐藏可执行文件13hex/unicode-obfuscationHex/Unicode obfuscationhex/Unicode 混淆14symlink-sensitiveSymlinks to sensitive paths敏感符号链接16custom-registryNon-official registries非官方包源20skillmd-privilege-escalationPrivilege escalation权限提升21dockerfile-sensitive-mountSensitive mounts敏感目录挂载21dockerfile-host-networkHost network mode主机网络模式

### Exit Codes / 退出码

0 — ✅ Clean / 安全
1 — 🟡 Warnings / 有警告
2 — 🔴 Critical / 有严重发现

### Dependencies / 依赖

No external dependencies. Uses: bash, grep, sed, find, file, awk, readlink, perl
零外部依赖，仅使用系统自带工具。
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: lida408
- Version: 3.1.0
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-05-05T09:40:27.847Z
- Expires at: 2026-05-12T09:40:27.847Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/giraffe-guard)
- [Send to Agent page](https://openagent3.xyz/skills/giraffe-guard/agent)
- [JSON manifest](https://openagent3.xyz/skills/giraffe-guard/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/giraffe-guard/agent.md)
- [Download page](https://openagent3.xyz/downloads/giraffe-guard)