Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub · Developer Tools
Semantic Shield
AI skill safety validation — real human experts vet skills, plugins, and MCP tools for security risks. Query trust scores, submit evaluation inquiries, and g...
skill openclawclawhub Free
AI skill safety validation — real human experts vet skills, plugins, and MCP tools for security risks. Query trust scores, submit evaluation inquiries, and g...
⬇ 0 downloads ★ 0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- LISTING.txt, clawhub.json, SKILL.md, CHANGELOG.txt, LICENSE.txt
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 1.0.1
Provenance
- Publisher
- simplysemantics
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
Semantic Shield
Quick summary AI skill safety validation powered by real human security experts. Before your agent installs a skill, plugin, or MCP tool — check its trust profile. Get a safety score (0–100), risk level, threat details, and a clear install/reject recommendation. If the skill hasn't been vetted yet, submit it for expert evaluation. Continuous 0-day monitoring keeps assessments current. 100% REAL human security staff with 30+ years of enterprise security experience, including US Homeland Security. No AI-only reviews — every skill is assessed by trusted experts.
Authentication
SEMANTIC_SHIELD_API_KEY is always required. This is your personal API key generated when you create an account at https://dashboard.simplysemantics.com. It authenticates your requests and is scoped to your Semantic Shield account only — it does not grant access to any other Simply Semantics service or third-party system. You can revoke and regenerate your key at any time from the dashboard.
Privacy & data handling
What data is sent: Only skill identifiers (skill_id), provider names (provider), and optionally a public skill URL (skill_url) when submitting a skill for evaluation. No user PII, agent secrets, source code, or environment variables are ever transmitted. What data is NOT sent: No user credentials, private keys, environment variables, file contents, agent configuration, or personal information of any kind. Data retention: Skill safety assessments are stored in the Semantic Shield registry and are available to all users (they are public safety verdicts). Your account usage metrics (lookup/inquiry counts) are stored in your account only. API key handling: Your SEMANTIC_SHIELD_API_KEY is used solely for request authentication. It is never logged, shared, or transmitted to third parties. Webhook alerts (Pro+ tiers only): If you configure a webhook URL in the dashboard, Semantic Shield will POST notifications to your URL when a previously vetted skill's safety status changes (e.g. new threat detected). The webhook payload contains only the skill ID, provider, updated safety score, and risk level. You control the webhook URL and can disable it at any time. Free tier users do not have webhooks. No cross-service data sharing: Your Semantic Shield data is not shared with other Simply Semantics services (e.g. Semantic Prospect). Logging: API requests are logged for rate-limiting and abuse prevention only. Logs contain your API key hash (not the key itself), the endpoint called, skill_id, provider, and timestamp. Logs are retained for 30 days.
When to use this skill (activation triggers)
Activate Semantic Shield when the user or agent: Is about to install, enable, or use an AI skill, plugin, tool, or MCP endpoint. Asks "is this skill safe?", "should I trust this plugin?", "check this tool's security", "vet this skill". Wants to look up a skill's safety score, risk level, or threat profile. Wants to submit an unknown or unvetted skill for expert security review. Needs to verify trust before autonomous agent action (install, execute, delegate). Asks about skill security, compliance, or risk assessment. Do NOT use for: General cybersecurity questions unrelated to AI skills/plugins. Scanning websites, IPs, or infrastructure (use dedicated security tools). PII lookup or identity verification. Code review or static analysis (Semantic Shield evaluates holistic skill risk, not line-by-line code).
1. Search for a skill (free — no quota cost)
Check if a skill exists in the Semantic Shield database before using a lookup. GET https://dashboard.simplysemantics.com/shield/api/v1/search Headers: x-api-key: ${SEMANTIC_SHIELD_API_KEY} Query parameters: q — skill name or ID (partial match) provider — optional provider name filter Example: GET https://dashboard.simplysemantics.com/shield/api/v1/search?q=weather&provider=example-ai Response: { "results": [ { "skill_id": "weather-pro-v2", "provider": "example-ai" } ], "count": 1 }
2. Check a skill's trust profile (costs 1 lookup)
Get full safety details for a specific skill. GET https://dashboard.simplysemantics.com/shield/api/v1/check Headers: x-api-key: ${SEMANTIC_SHIELD_API_KEY} Query parameters: skill_id — exact skill identifier (required) provider — exact provider name (required) Example: GET https://dashboard.simplysemantics.com/shield/api/v1/check?skill_id=weather-pro-v2&provider=example-ai Response (vetted): { "skill_id": "weather-pro-v2", "provider": "example-ai", "skill_url": "https://example.com/weather-pro-v2", "vetted": true, "vetted_by": "Simply Semantics", "safety_score": 92, "risk_level": "safe", "risk_summary": "No known vulnerabilities. Permissions scoped correctly.", "threats_found": [], "recommendation": "safe to install", "last_checked": "2026-02-28" } Response (not vetted — 404): { "skill_id": "unknown-plugin", "provider": "unverified-co", "vetted": false, "safety_score": null, "risk_level": "unknown", "recommendation": "not vetted - install at your own risk", "message": "This skill has not been reviewed. Submit it for validation.", "submit_url": "/api/v1/validate" }
3. Submit a skill for vetting (costs 1 inquiry)
If a skill is not in the database, submit it for expert evaluation. Only public skill identifiers and URLs are accepted — do not submit private source code, secrets, or internal URLs. POST https://dashboard.simplysemantics.com/shield/api/v1/validate Headers: x-api-key: ${SEMANTIC_SHIELD_API_KEY} Content-Type: application/json Body: { "skill_id": "new-plugin-v1", "provider": "some-provider", "skill_url": "https://example.com/new-plugin" } ⚠️ skill_url should be a public URL only (e.g. a marketplace listing, GitHub repo, or documentation page). Do not submit private/internal URLs, source code repositories, or URLs containing secrets or tokens. Response: { "message": "Skill submitted for evaluation.", "request_id": "abc-123", "skill_id": "new-plugin-v1", "provider": "some-provider", "status": "pending" }
4. Decision logic for agents
Based on the response, the agent should: safety_scorerisk_levelAction90–100safe✅ Install / proceed75–89low✅ Install, note minor risks50–74medium⚠️ Warn user, ask for confirmation25–49high❌ Recommend against, require explicit override0–24critical🚫 Block installation, alert usernullunknown⚠️ Not vetted — submit for review or warn user
5. Edge cases
401/403 → "Missing or invalid SEMANTIC_SHIELD_API_KEY. Set the env var to use this skill." 429 → "Rate/quota limit reached — upgrade your plan or retry later." 404 → Skill not vetted. Offer to submit for evaluation or warn user. 500 → "Service temporarily unavailable. Try again shortly."
Output format
Present results clearly to the user: 🛡️ Semantic Shield — Trust Report ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Skill: weather-pro-v2 Provider: example-ai Safety Score: 92/100 ✅ Risk Level: SAFE Recommendation: Safe to install Threats: None detected Last Checked: Feb 28, 2026 Vetted By: Simply Semantics ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Category context
Code helpers, APIs, CLIs, browser automation, testing, and developer operations.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
3 Files1 Docs1 Config
- SKILL.md
- clawhub.json
- CHANGELOG.txt
- LICENSE.txt
- LISTING.txt