{ "schemaVersion": "1.0", "item": { "slug": "pyx-scan", "name": "Pyx Scan", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/fysoul17/pyx-scan", "canonicalUrl": "https://clawhub.ai/fysoul17/pyx-scan", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/pyx-scan", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=pyx-scan", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/pyx-scan" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/pyx-scan", "agentPageUrl": "https://openagent3.xyz/skills/pyx-scan/agent", "manifestUrl": "https://openagent3.xyz/skills/pyx-scan/agent.json", "briefUrl": "https://openagent3.xyz/skills/pyx-scan/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "PYX Scan — Agent Skill Safety Check", "body": "Verify whether an AI agent skill is safe before installing or using it by querying the PYX Scanner API." }, { "title": "Step 1: Parse Input", "body": "Extract owner and name from $ARGUMENTS.\n\nExpected format: owner/name (e.g., anthropic/web-search)\nIf $ARGUMENTS is empty or missing the / separator, ask the user:\n\"Which skill do you want to check? Provide it as owner/name (e.g., anthropic/web-search).\"\nTrim whitespace. Reject if either part is empty after trimming." }, { "title": "Step 2: Call the PYX Scanner API", "body": "Fetch the safety data:\n\nWebFetch URL: https://scanner.pyxmate.com/api/v1/check/{owner}/{name}\nPrompt: \"Return the full JSON response body exactly as-is. Do not summarize.\"\n\nIf WebFetch fails (tool unavailable, network error), fall back to:\n\ncurl -s \"https://scanner.pyxmate.com/api/v1/check/{owner}/{name}\"" }, { "title": "Step 3: Handle Errors", "body": "HTTP StatusMeaningAction200Skill foundProceed to Step 4404Skill not in databaseVerdict = UNSCANNED429Rate limitedVerdict = ERROR — \"Rate limited. Try again shortly.\"5xxServer errorVerdict = ERROR — \"PYX Scanner is temporarily unavailable.\"Network failureCannot reach APIVerdict = ERROR — \"Could not connect to PYX Scanner.\"" }, { "title": "Step 4: Determine Verdict", "body": "Use the JSON response fields to determine the verdict:\n\nConditionVerdictrecommendation == \"safe\" AND is_outdated == falseSAFErecommendation == \"safe\" AND is_outdated == trueOUTDATEDrecommendation == \"caution\"CAUTIONrecommendation == \"danger\"FAILEDrecommendation == \"unknown\"UNSCANNED" }, { "title": "Step 5: Output Report", "body": "Format the report as structured markdown. Omit any section where the data is null or empty.\n\nFor SAFE verdict:\n\n## PYX Scan: {owner}/{name}\n\n**Verdict: SAFE** — This skill has been scanned and verified safe.\n\n**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10 | **Confidence:** {confidence}%\n**Intent:** {intent} | **Status:** {status}\n\n### Summary\n{summary}\n\n### About\n**Purpose:** {about.purpose}\n**Capabilities:** {about.capabilities as bullet list}\n**Permissions Required:** {about.permissions_required as bullet list}\n\n[View full report]({detail_url}) | [Badge]({badge_url})\n\nFor OUTDATED verdict:\n\n## PYX Scan: {owner}/{name}\n\n**Verdict: OUTDATED** — Last scan was safe, but the skill has been updated since.\n\nThe scanned commit (`{scanned_commit}`) no longer matches the latest (`{latest_commit}`).\nThe new version has NOT been reviewed. Proceed with caution.\n\n**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10\n**Last Safe Commit:** {last_safe_commit}\n\n### Summary\n{summary}\n\n[View full report]({detail_url})\n\nFor CAUTION verdict:\n\n## PYX Scan: {owner}/{name}\n\n**Verdict: CAUTION** — This skill has potential risks that need your attention.\n\n**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10 | **Confidence:** {confidence}%\n**Intent:** {intent} | **Status:** {status}\n\n### Summary\n{summary}\n\n### About\n**Purpose:** {about.purpose}\n**Permissions Required:** {about.permissions_required as bullet list}\n**Security Notes:** {about.security_notes}\n\n**Do you want to proceed despite the caution rating?** Please confirm before installing or using this skill.\n\n[View full report]({detail_url})\n\nFor FAILED verdict:\n\n## PYX Scan: {owner}/{name}\n\n**Verdict: FAILED** — This skill has been flagged as dangerous. Do NOT install or use it.\n\n**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10 | **Confidence:** {confidence}%\n**Intent:** {intent} | **Status:** {status}\n\n### Summary\n{summary}\n\n### About\n**Security Notes:** {about.security_notes}\n\n[View full report]({detail_url})\n\nFor UNSCANNED verdict:\n\n## PYX Scan: {owner}/{name}\n\n**Verdict: UNSCANNED** — This skill has not been scanned by PYX Scanner.\n\nNo safety data is available. You should:\n1. Review the skill's source code manually before use\n2. Check the skill's repository for known issues\n3. Request a scan at https://scanner.pyxmate.com\n\nFor ERROR verdict:\n\n## PYX Scan: {owner}/{name}\n\n**Verdict: ERROR** — {error_message}\n\nSafety could not be verified. Treat this skill as unverified until you can confirm its safety." }, { "title": "Behavioral Rules", "body": "Always call the API — never skip the check or return a cached/assumed result.\nNever soften a FAILED verdict — if the scan says danger, report danger. Do not add qualifiers like \"but it might be fine.\"\nAlways ask user confirmation on CAUTION — the user must explicitly agree before proceeding.\nKeep reports concise — omit null/empty sections rather than showing \"N/A.\"\nNo raw JSON — always format the response as the structured markdown report above." }, { "title": "Self-Scan Awareness", "body": "When $ARGUMENTS is pyxmate/pyx-scan, pyxmate/pyx-scanner, or refers to this skill itself, still call the API honestly and report whatever comes back. If the result is UNSCANNED, append:\n\n\"Yes, even the security scanner's own skill hasn't been scanned yet. We practice what we preach — treat unscanned skills with caution.\"" } ], "body": "PYX Scan — Agent Skill Safety Check\n\nVerify whether an AI agent skill is safe before installing or using it by querying the PYX Scanner API.\n\nWorkflow\nStep 1: Parse Input\n\nExtract owner and name from $ARGUMENTS.\n\nExpected format: owner/name (e.g., anthropic/web-search)\nIf $ARGUMENTS is empty or missing the / separator, ask the user: \"Which skill do you want to check? Provide it as owner/name (e.g., anthropic/web-search).\"\nTrim whitespace. Reject if either part is empty after trimming.\nStep 2: Call the PYX Scanner API\n\nFetch the safety data:\n\nWebFetch URL: https://scanner.pyxmate.com/api/v1/check/{owner}/{name}\nPrompt: \"Return the full JSON response body exactly as-is. Do not summarize.\"\n\n\nIf WebFetch fails (tool unavailable, network error), fall back to:\n\ncurl -s \"https://scanner.pyxmate.com/api/v1/check/{owner}/{name}\"\n\nStep 3: Handle Errors\nHTTP Status\tMeaning\tAction\n200\tSkill found\tProceed to Step 4\n404\tSkill not in database\tVerdict = UNSCANNED\n429\tRate limited\tVerdict = ERROR — \"Rate limited. Try again shortly.\"\n5xx\tServer error\tVerdict = ERROR — \"PYX Scanner is temporarily unavailable.\"\nNetwork failure\tCannot reach API\tVerdict = ERROR — \"Could not connect to PYX Scanner.\"\nStep 4: Determine Verdict\n\nUse the JSON response fields to determine the verdict:\n\nCondition\tVerdict\nrecommendation == \"safe\" AND is_outdated == false\tSAFE\nrecommendation == \"safe\" AND is_outdated == true\tOUTDATED\nrecommendation == \"caution\"\tCAUTION\nrecommendation == \"danger\"\tFAILED\nrecommendation == \"unknown\"\tUNSCANNED\nStep 5: Output Report\n\nFormat the report as structured markdown. Omit any section where the data is null or empty.\n\nFor SAFE verdict:\n\n## PYX Scan: {owner}/{name}\n\n**Verdict: SAFE** — This skill has been scanned and verified safe.\n\n**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10 | **Confidence:** {confidence}%\n**Intent:** {intent} | **Status:** {status}\n\n### Summary\n{summary}\n\n### About\n**Purpose:** {about.purpose}\n**Capabilities:** {about.capabilities as bullet list}\n**Permissions Required:** {about.permissions_required as bullet list}\n\n[View full report]({detail_url}) | [Badge]({badge_url})\n\n\nFor OUTDATED verdict:\n\n## PYX Scan: {owner}/{name}\n\n**Verdict: OUTDATED** — Last scan was safe, but the skill has been updated since.\n\nThe scanned commit (`{scanned_commit}`) no longer matches the latest (`{latest_commit}`).\nThe new version has NOT been reviewed. Proceed with caution.\n\n**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10\n**Last Safe Commit:** {last_safe_commit}\n\n### Summary\n{summary}\n\n[View full report]({detail_url})\n\n\nFor CAUTION verdict:\n\n## PYX Scan: {owner}/{name}\n\n**Verdict: CAUTION** — This skill has potential risks that need your attention.\n\n**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10 | **Confidence:** {confidence}%\n**Intent:** {intent} | **Status:** {status}\n\n### Summary\n{summary}\n\n### About\n**Purpose:** {about.purpose}\n**Permissions Required:** {about.permissions_required as bullet list}\n**Security Notes:** {about.security_notes}\n\n**Do you want to proceed despite the caution rating?** Please confirm before installing or using this skill.\n\n[View full report]({detail_url})\n\n\nFor FAILED verdict:\n\n## PYX Scan: {owner}/{name}\n\n**Verdict: FAILED** — This skill has been flagged as dangerous. Do NOT install or use it.\n\n**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10 | **Confidence:** {confidence}%\n**Intent:** {intent} | **Status:** {status}\n\n### Summary\n{summary}\n\n### About\n**Security Notes:** {about.security_notes}\n\n[View full report]({detail_url})\n\n\nFor UNSCANNED verdict:\n\n## PYX Scan: {owner}/{name}\n\n**Verdict: UNSCANNED** — This skill has not been scanned by PYX Scanner.\n\nNo safety data is available. You should:\n1. Review the skill's source code manually before use\n2. Check the skill's repository for known issues\n3. Request a scan at https://scanner.pyxmate.com\n\n\nFor ERROR verdict:\n\n## PYX Scan: {owner}/{name}\n\n**Verdict: ERROR** — {error_message}\n\nSafety could not be verified. Treat this skill as unverified until you can confirm its safety.\n\nBehavioral Rules\nAlways call the API — never skip the check or return a cached/assumed result.\nNever soften a FAILED verdict — if the scan says danger, report danger. Do not add qualifiers like \"but it might be fine.\"\nAlways ask user confirmation on CAUTION — the user must explicitly agree before proceeding.\nKeep reports concise — omit null/empty sections rather than showing \"N/A.\"\nNo raw JSON — always format the response as the structured markdown report above.\nSelf-Scan Awareness\n\nWhen $ARGUMENTS is pyxmate/pyx-scan, pyxmate/pyx-scanner, or refers to this skill itself, still call the API honestly and report whatever comes back. If the result is UNSCANNED, append:\n\n\"Yes, even the security scanner's own skill hasn't been scanned yet. We practice what we preach — treat unscanned skills with caution.\"" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/fysoul17/pyx-scan", "publisherUrl": "https://clawhub.ai/fysoul17/pyx-scan", "owner": "fysoul17", "version": "1.1.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/pyx-scan", "downloadUrl": "https://openagent3.xyz/downloads/pyx-scan", "agentUrl": "https://openagent3.xyz/skills/pyx-scan/agent", "manifestUrl": "https://openagent3.xyz/skills/pyx-scan/agent.json", "briefUrl": "https://openagent3.xyz/skills/pyx-scan/agent.md" } }