{ "schemaVersion": "1.0", "item": { "slug": "semantic-shield", "name": "Semantic Shield", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/simplysemantics/semantic-shield", "canonicalUrl": "https://clawhub.ai/simplysemantics/semantic-shield", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/semantic-shield", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=semantic-shield", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "LISTING.txt", "clawhub.json", "SKILL.md", "CHANGELOG.txt", "LICENSE.txt" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T17:22:31.273Z", "expiresAt": "2026-05-14T17:22:31.273Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/semantic-shield" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/semantic-shield", "agentPageUrl": "https://openagent3.xyz/skills/semantic-shield/agent", "manifestUrl": "https://openagent3.xyz/skills/semantic-shield/agent.json", "briefUrl": "https://openagent3.xyz/skills/semantic-shield/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Semantic Shield", "body": "Quick summary\nAI skill safety validation powered by real human security experts. Before your agent installs a skill, plugin, or MCP tool — check its trust profile. Get a safety score (0–100), risk level, threat details, and a clear install/reject recommendation. If the skill hasn't been vetted yet, submit it for expert evaluation. Continuous 0-day monitoring keeps assessments current.\n\n100% REAL human security staff with 30+ years of enterprise security experience, including US Homeland Security. No AI-only reviews — every skill is assessed by trusted experts." }, { "title": "Authentication", "body": "SEMANTIC_SHIELD_API_KEY is always required. This is your personal API key generated when you create an account at https://dashboard.simplysemantics.com. It authenticates your requests and is scoped to your Semantic Shield account only — it does not grant access to any other Simply Semantics service or third-party system. You can revoke and regenerate your key at any time from the dashboard." }, { "title": "Privacy & data handling", "body": "What data is sent: Only skill identifiers (skill_id), provider names (provider), and optionally a public skill URL (skill_url) when submitting a skill for evaluation. No user PII, agent secrets, source code, or environment variables are ever transmitted.\nWhat data is NOT sent: No user credentials, private keys, environment variables, file contents, agent configuration, or personal information of any kind.\nData retention: Skill safety assessments are stored in the Semantic Shield registry and are available to all users (they are public safety verdicts). Your account usage metrics (lookup/inquiry counts) are stored in your account only.\nAPI key handling: Your SEMANTIC_SHIELD_API_KEY is used solely for request authentication. It is never logged, shared, or transmitted to third parties.\nWebhook alerts (Pro+ tiers only): If you configure a webhook URL in the dashboard, Semantic Shield will POST notifications to your URL when a previously vetted skill's safety status changes (e.g. new threat detected). The webhook payload contains only the skill ID, provider, updated safety score, and risk level. You control the webhook URL and can disable it at any time. Free tier users do not have webhooks.\nNo cross-service data sharing: Your Semantic Shield data is not shared with other Simply Semantics services (e.g. Semantic Prospect).\nLogging: API requests are logged for rate-limiting and abuse prevention only. Logs contain your API key hash (not the key itself), the endpoint called, skill_id, provider, and timestamp. Logs are retained for 30 days." }, { "title": "When to use this skill (activation triggers)", "body": "Activate Semantic Shield when the user or agent:\n\nIs about to install, enable, or use an AI skill, plugin, tool, or MCP endpoint.\nAsks \"is this skill safe?\", \"should I trust this plugin?\", \"check this tool's security\", \"vet this skill\".\nWants to look up a skill's safety score, risk level, or threat profile.\nWants to submit an unknown or unvetted skill for expert security review.\nNeeds to verify trust before autonomous agent action (install, execute, delegate).\nAsks about skill security, compliance, or risk assessment.\n\nDo NOT use for:\n\nGeneral cybersecurity questions unrelated to AI skills/plugins.\nScanning websites, IPs, or infrastructure (use dedicated security tools).\nPII lookup or identity verification.\nCode review or static analysis (Semantic Shield evaluates holistic skill risk, not line-by-line code)." }, { "title": "1. Search for a skill (free — no quota cost)", "body": "Check if a skill exists in the Semantic Shield database before using a lookup.\n\nGET https://dashboard.simplysemantics.com/shield/api/v1/search\n\nHeaders:\n\nx-api-key: ${SEMANTIC_SHIELD_API_KEY}\n\nQuery parameters:\n\nq — skill name or ID (partial match)\nprovider — optional provider name filter\n\nExample:\n\nGET https://dashboard.simplysemantics.com/shield/api/v1/search?q=weather&provider=example-ai\n\nResponse:\n\n{\n \"results\": [\n { \"skill_id\": \"weather-pro-v2\", \"provider\": \"example-ai\" }\n ],\n \"count\": 1\n}" }, { "title": "2. Check a skill's trust profile (costs 1 lookup)", "body": "Get full safety details for a specific skill.\n\nGET https://dashboard.simplysemantics.com/shield/api/v1/check\n\nHeaders:\n\nx-api-key: ${SEMANTIC_SHIELD_API_KEY}\n\nQuery parameters:\n\nskill_id — exact skill identifier (required)\nprovider — exact provider name (required)\n\nExample:\n\nGET https://dashboard.simplysemantics.com/shield/api/v1/check?skill_id=weather-pro-v2&provider=example-ai\n\nResponse (vetted):\n\n{\n \"skill_id\": \"weather-pro-v2\",\n \"provider\": \"example-ai\",\n \"skill_url\": \"https://example.com/weather-pro-v2\",\n \"vetted\": true,\n \"vetted_by\": \"Simply Semantics\",\n \"safety_score\": 92,\n \"risk_level\": \"safe\",\n \"risk_summary\": \"No known vulnerabilities. Permissions scoped correctly.\",\n \"threats_found\": [],\n \"recommendation\": \"safe to install\",\n \"last_checked\": \"2026-02-28\"\n}\n\nResponse (not vetted — 404):\n\n{\n \"skill_id\": \"unknown-plugin\",\n \"provider\": \"unverified-co\",\n \"vetted\": false,\n \"safety_score\": null,\n \"risk_level\": \"unknown\",\n \"recommendation\": \"not vetted - install at your own risk\",\n \"message\": \"This skill has not been reviewed. Submit it for validation.\",\n \"submit_url\": \"/api/v1/validate\"\n}" }, { "title": "3. Submit a skill for vetting (costs 1 inquiry)", "body": "If a skill is not in the database, submit it for expert evaluation. Only public skill identifiers and URLs are accepted — do not submit private source code, secrets, or internal URLs.\n\nPOST https://dashboard.simplysemantics.com/shield/api/v1/validate\n\nHeaders:\n\nx-api-key: ${SEMANTIC_SHIELD_API_KEY}\nContent-Type: application/json\n\nBody:\n\n{\n \"skill_id\": \"new-plugin-v1\",\n \"provider\": \"some-provider\",\n \"skill_url\": \"https://example.com/new-plugin\"\n}\n\n⚠️ skill_url should be a public URL only (e.g. a marketplace listing, GitHub repo, or documentation page). Do not submit private/internal URLs, source code repositories, or URLs containing secrets or tokens.\n\nResponse:\n\n{\n \"message\": \"Skill submitted for evaluation.\",\n \"request_id\": \"abc-123\",\n \"skill_id\": \"new-plugin-v1\",\n \"provider\": \"some-provider\",\n \"status\": \"pending\"\n}" }, { "title": "4. Decision logic for agents", "body": "Based on the response, the agent should:\n\nsafety_scorerisk_levelAction90–100safe✅ Install / proceed75–89low✅ Install, note minor risks50–74medium⚠️ Warn user, ask for confirmation25–49high❌ Recommend against, require explicit override0–24critical🚫 Block installation, alert usernullunknown⚠️ Not vetted — submit for review or warn user" }, { "title": "5. Edge cases", "body": "401/403 → \"Missing or invalid SEMANTIC_SHIELD_API_KEY. Set the env var to use this skill.\"\n429 → \"Rate/quota limit reached — upgrade your plan or retry later.\"\n404 → Skill not vetted. Offer to submit for evaluation or warn user.\n500 → \"Service temporarily unavailable. Try again shortly.\"" }, { "title": "Output format", "body": "Present results clearly to the user:\n\n🛡️ Semantic Shield — Trust Report\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nSkill: weather-pro-v2\nProvider: example-ai\nSafety Score: 92/100 ✅\nRisk Level: SAFE\nRecommendation: Safe to install\nThreats: None detected\nLast Checked: Feb 28, 2026\nVetted By: Simply Semantics\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" } ], "body": "Semantic Shield\n\nQuick summary AI skill safety validation powered by real human security experts. Before your agent installs a skill, plugin, or MCP tool — check its trust profile. Get a safety score (0–100), risk level, threat details, and a clear install/reject recommendation. If the skill hasn't been vetted yet, submit it for expert evaluation. Continuous 0-day monitoring keeps assessments current.\n\n100% REAL human security staff with 30+ years of enterprise security experience, including US Homeland Security. No AI-only reviews — every skill is assessed by trusted experts.\n\nAuthentication\n\nSEMANTIC_SHIELD_API_KEY is always required. This is your personal API key generated when you create an account at https://dashboard.simplysemantics.com. It authenticates your requests and is scoped to your Semantic Shield account only — it does not grant access to any other Simply Semantics service or third-party system. You can revoke and regenerate your key at any time from the dashboard.\n\nPrivacy & data handling\nWhat data is sent: Only skill identifiers (skill_id), provider names (provider), and optionally a public skill URL (skill_url) when submitting a skill for evaluation. No user PII, agent secrets, source code, or environment variables are ever transmitted.\nWhat data is NOT sent: No user credentials, private keys, environment variables, file contents, agent configuration, or personal information of any kind.\nData retention: Skill safety assessments are stored in the Semantic Shield registry and are available to all users (they are public safety verdicts). Your account usage metrics (lookup/inquiry counts) are stored in your account only.\nAPI key handling: Your SEMANTIC_SHIELD_API_KEY is used solely for request authentication. It is never logged, shared, or transmitted to third parties.\nWebhook alerts (Pro+ tiers only): If you configure a webhook URL in the dashboard, Semantic Shield will POST notifications to your URL when a previously vetted skill's safety status changes (e.g. new threat detected). The webhook payload contains only the skill ID, provider, updated safety score, and risk level. You control the webhook URL and can disable it at any time. Free tier users do not have webhooks.\nNo cross-service data sharing: Your Semantic Shield data is not shared with other Simply Semantics services (e.g. Semantic Prospect).\nLogging: API requests are logged for rate-limiting and abuse prevention only. Logs contain your API key hash (not the key itself), the endpoint called, skill_id, provider, and timestamp. Logs are retained for 30 days.\nWhen to use this skill (activation triggers)\n\nActivate Semantic Shield when the user or agent:\n\nIs about to install, enable, or use an AI skill, plugin, tool, or MCP endpoint.\nAsks \"is this skill safe?\", \"should I trust this plugin?\", \"check this tool's security\", \"vet this skill\".\nWants to look up a skill's safety score, risk level, or threat profile.\nWants to submit an unknown or unvetted skill for expert security review.\nNeeds to verify trust before autonomous agent action (install, execute, delegate).\nAsks about skill security, compliance, or risk assessment.\n\nDo NOT use for:\n\nGeneral cybersecurity questions unrelated to AI skills/plugins.\nScanning websites, IPs, or infrastructure (use dedicated security tools).\nPII lookup or identity verification.\nCode review or static analysis (Semantic Shield evaluates holistic skill risk, not line-by-line code).\nHow to use (instructions for the agent)\n1. Search for a skill (free — no quota cost)\n\nCheck if a skill exists in the Semantic Shield database before using a lookup.\n\nGET https://dashboard.simplysemantics.com/shield/api/v1/search\n\nHeaders:\n\nx-api-key: ${SEMANTIC_SHIELD_API_KEY}\n\n\nQuery parameters:\n\nq — skill name or ID (partial match)\nprovider — optional provider name filter\n\nExample:\n\nGET https://dashboard.simplysemantics.com/shield/api/v1/search?q=weather&provider=example-ai\n\n\nResponse:\n\n{\n \"results\": [\n { \"skill_id\": \"weather-pro-v2\", \"provider\": \"example-ai\" }\n ],\n \"count\": 1\n}\n\n2. Check a skill's trust profile (costs 1 lookup)\n\nGet full safety details for a specific skill.\n\nGET https://dashboard.simplysemantics.com/shield/api/v1/check\n\nHeaders:\n\nx-api-key: ${SEMANTIC_SHIELD_API_KEY}\n\n\nQuery parameters:\n\nskill_id — exact skill identifier (required)\nprovider — exact provider name (required)\n\nExample:\n\nGET https://dashboard.simplysemantics.com/shield/api/v1/check?skill_id=weather-pro-v2&provider=example-ai\n\n\nResponse (vetted):\n\n{\n \"skill_id\": \"weather-pro-v2\",\n \"provider\": \"example-ai\",\n \"skill_url\": \"https://example.com/weather-pro-v2\",\n \"vetted\": true,\n \"vetted_by\": \"Simply Semantics\",\n \"safety_score\": 92,\n \"risk_level\": \"safe\",\n \"risk_summary\": \"No known vulnerabilities. Permissions scoped correctly.\",\n \"threats_found\": [],\n \"recommendation\": \"safe to install\",\n \"last_checked\": \"2026-02-28\"\n}\n\n\nResponse (not vetted — 404):\n\n{\n \"skill_id\": \"unknown-plugin\",\n \"provider\": \"unverified-co\",\n \"vetted\": false,\n \"safety_score\": null,\n \"risk_level\": \"unknown\",\n \"recommendation\": \"not vetted - install at your own risk\",\n \"message\": \"This skill has not been reviewed. Submit it for validation.\",\n \"submit_url\": \"/api/v1/validate\"\n}\n\n3. Submit a skill for vetting (costs 1 inquiry)\n\nIf a skill is not in the database, submit it for expert evaluation. Only public skill identifiers and URLs are accepted — do not submit private source code, secrets, or internal URLs.\n\nPOST https://dashboard.simplysemantics.com/shield/api/v1/validate\n\nHeaders:\n\nx-api-key: ${SEMANTIC_SHIELD_API_KEY}\nContent-Type: application/json\n\n\nBody:\n\n{\n \"skill_id\": \"new-plugin-v1\",\n \"provider\": \"some-provider\",\n \"skill_url\": \"https://example.com/new-plugin\"\n}\n\n\n⚠️ skill_url should be a public URL only (e.g. a marketplace listing, GitHub repo, or documentation page). Do not submit private/internal URLs, source code repositories, or URLs containing secrets or tokens.\n\nResponse:\n\n{\n \"message\": \"Skill submitted for evaluation.\",\n \"request_id\": \"abc-123\",\n \"skill_id\": \"new-plugin-v1\",\n \"provider\": \"some-provider\",\n \"status\": \"pending\"\n}\n\n4. Decision logic for agents\n\nBased on the response, the agent should:\n\nsafety_score\trisk_level\tAction\n90–100\tsafe\t✅ Install / proceed\n75–89\tlow\t✅ Install, note minor risks\n50–74\tmedium\t⚠️ Warn user, ask for confirmation\n25–49\thigh\t❌ Recommend against, require explicit override\n0–24\tcritical\t🚫 Block installation, alert user\nnull\tunknown\t⚠️ Not vetted — submit for review or warn user\n5. Edge cases\n401/403 → \"Missing or invalid SEMANTIC_SHIELD_API_KEY. Set the env var to use this skill.\"\n429 → \"Rate/quota limit reached — upgrade your plan or retry later.\"\n404 → Skill not vetted. Offer to submit for evaluation or warn user.\n500 → \"Service temporarily unavailable. Try again shortly.\"\nOutput format\n\nPresent results clearly to the user:\n\n🛡️ Semantic Shield — Trust Report\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nSkill: weather-pro-v2\nProvider: example-ai\nSafety Score: 92/100 ✅\nRisk Level: SAFE\nRecommendation: Safe to install\nThreats: None detected\nLast Checked: Feb 28, 2026\nVetted By: Simply Semantics\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/simplysemantics/semantic-shield", "publisherUrl": "https://clawhub.ai/simplysemantics/semantic-shield", "owner": "simplysemantics", "version": "1.0.1", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/semantic-shield", "downloadUrl": "https://openagent3.xyz/downloads/semantic-shield", "agentUrl": "https://openagent3.xyz/skills/semantic-shield/agent", "manifestUrl": "https://openagent3.xyz/skills/semantic-shield/agent.json", "briefUrl": "https://openagent3.xyz/skills/semantic-shield/agent.md" } }