# Send Semantic Shield to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "semantic-shield",
    "name": "Semantic Shield",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/simplysemantics/semantic-shield",
    "canonicalUrl": "https://clawhub.ai/simplysemantics/semantic-shield",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/semantic-shield",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=semantic-shield",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "LISTING.txt",
      "clawhub.json",
      "SKILL.md",
      "CHANGELOG.txt",
      "LICENSE.txt"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "semantic-shield",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-05-08T14:57:11.216Z",
      "expiresAt": "2026-05-15T14:57:11.216Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=semantic-shield",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=semantic-shield",
        "contentDisposition": "attachment; filename=\"semantic-shield-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "semantic-shield"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/semantic-shield"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/semantic-shield",
    "downloadUrl": "https://openagent3.xyz/downloads/semantic-shield",
    "agentUrl": "https://openagent3.xyz/skills/semantic-shield/agent",
    "manifestUrl": "https://openagent3.xyz/skills/semantic-shield/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/semantic-shield/agent.md"
  }
}
```
## Documentation

### Semantic Shield

Quick summary
AI skill safety validation powered by real human security experts. Before your agent installs a skill, plugin, or MCP tool — check its trust profile. Get a safety score (0–100), risk level, threat details, and a clear install/reject recommendation. If the skill hasn't been vetted yet, submit it for expert evaluation. Continuous 0-day monitoring keeps assessments current.

100% REAL human security staff with 30+ years of enterprise security experience, including US Homeland Security. No AI-only reviews — every skill is assessed by trusted experts.

### Authentication

SEMANTIC_SHIELD_API_KEY is always required. This is your personal API key generated when you create an account at https://dashboard.simplysemantics.com. It authenticates your requests and is scoped to your Semantic Shield account only — it does not grant access to any other Simply Semantics service or third-party system. You can revoke and regenerate your key at any time from the dashboard.

### Privacy & data handling

What data is sent: Only skill identifiers (skill_id), provider names (provider), and optionally a public skill URL (skill_url) when submitting a skill for evaluation. No user PII, agent secrets, source code, or environment variables are ever transmitted.
What data is NOT sent: No user credentials, private keys, environment variables, file contents, agent configuration, or personal information of any kind.
Data retention: Skill safety assessments are stored in the Semantic Shield registry and are available to all users (they are public safety verdicts). Your account usage metrics (lookup/inquiry counts) are stored in your account only.
API key handling: Your SEMANTIC_SHIELD_API_KEY is used solely for request authentication. It is never logged, shared, or transmitted to third parties.
Webhook alerts (Pro+ tiers only): If you configure a webhook URL in the dashboard, Semantic Shield will POST notifications to your URL when a previously vetted skill's safety status changes (e.g. new threat detected). The webhook payload contains only the skill ID, provider, updated safety score, and risk level. You control the webhook URL and can disable it at any time. Free tier users do not have webhooks.
No cross-service data sharing: Your Semantic Shield data is not shared with other Simply Semantics services (e.g. Semantic Prospect).
Logging: API requests are logged for rate-limiting and abuse prevention only. Logs contain your API key hash (not the key itself), the endpoint called, skill_id, provider, and timestamp. Logs are retained for 30 days.

### When to use this skill (activation triggers)

Activate Semantic Shield when the user or agent:

Is about to install, enable, or use an AI skill, plugin, tool, or MCP endpoint.
Asks "is this skill safe?", "should I trust this plugin?", "check this tool's security", "vet this skill".
Wants to look up a skill's safety score, risk level, or threat profile.
Wants to submit an unknown or unvetted skill for expert security review.
Needs to verify trust before autonomous agent action (install, execute, delegate).
Asks about skill security, compliance, or risk assessment.

Do NOT use for:

General cybersecurity questions unrelated to AI skills/plugins.
Scanning websites, IPs, or infrastructure (use dedicated security tools).
PII lookup or identity verification.
Code review or static analysis (Semantic Shield evaluates holistic skill risk, not line-by-line code).

### 1. Search for a skill (free — no quota cost)

Check if a skill exists in the Semantic Shield database before using a lookup.

GET https://dashboard.simplysemantics.com/shield/api/v1/search

Headers:

x-api-key: ${SEMANTIC_SHIELD_API_KEY}

Query parameters:

q — skill name or ID (partial match)
provider — optional provider name filter

Example:

GET https://dashboard.simplysemantics.com/shield/api/v1/search?q=weather&provider=example-ai

Response:

{
  "results": [
    { "skill_id": "weather-pro-v2", "provider": "example-ai" }
  ],
  "count": 1
}

### 2. Check a skill's trust profile (costs 1 lookup)

Get full safety details for a specific skill.

GET https://dashboard.simplysemantics.com/shield/api/v1/check

Headers:

x-api-key: ${SEMANTIC_SHIELD_API_KEY}

Query parameters:

skill_id — exact skill identifier (required)
provider — exact provider name (required)

Example:

GET https://dashboard.simplysemantics.com/shield/api/v1/check?skill_id=weather-pro-v2&provider=example-ai

Response (vetted):

{
  "skill_id": "weather-pro-v2",
  "provider": "example-ai",
  "skill_url": "https://example.com/weather-pro-v2",
  "vetted": true,
  "vetted_by": "Simply Semantics",
  "safety_score": 92,
  "risk_level": "safe",
  "risk_summary": "No known vulnerabilities. Permissions scoped correctly.",
  "threats_found": [],
  "recommendation": "safe to install",
  "last_checked": "2026-02-28"
}

Response (not vetted — 404):

{
  "skill_id": "unknown-plugin",
  "provider": "unverified-co",
  "vetted": false,
  "safety_score": null,
  "risk_level": "unknown",
  "recommendation": "not vetted - install at your own risk",
  "message": "This skill has not been reviewed. Submit it for validation.",
  "submit_url": "/api/v1/validate"
}

### 3. Submit a skill for vetting (costs 1 inquiry)

If a skill is not in the database, submit it for expert evaluation. Only public skill identifiers and URLs are accepted — do not submit private source code, secrets, or internal URLs.

POST https://dashboard.simplysemantics.com/shield/api/v1/validate

Headers:

x-api-key: ${SEMANTIC_SHIELD_API_KEY}
Content-Type: application/json

Body:

{
  "skill_id": "new-plugin-v1",
  "provider": "some-provider",
  "skill_url": "https://example.com/new-plugin"
}

⚠️ skill_url should be a public URL only (e.g. a marketplace listing, GitHub repo, or documentation page). Do not submit private/internal URLs, source code repositories, or URLs containing secrets or tokens.

Response:

{
  "message": "Skill submitted for evaluation.",
  "request_id": "abc-123",
  "skill_id": "new-plugin-v1",
  "provider": "some-provider",
  "status": "pending"
}

### 4. Decision logic for agents

Based on the response, the agent should:

safety_scorerisk_levelAction90–100safe✅ Install / proceed75–89low✅ Install, note minor risks50–74medium⚠️ Warn user, ask for confirmation25–49high❌ Recommend against, require explicit override0–24critical🚫 Block installation, alert usernullunknown⚠️ Not vetted — submit for review or warn user

### 5. Edge cases

401/403 → "Missing or invalid SEMANTIC_SHIELD_API_KEY. Set the env var to use this skill."
429 → "Rate/quota limit reached — upgrade your plan or retry later."
404 → Skill not vetted. Offer to submit for evaluation or warn user.
500 → "Service temporarily unavailable. Try again shortly."

### Output format

Present results clearly to the user:

🛡️ Semantic Shield — Trust Report
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Skill:          weather-pro-v2
Provider:       example-ai
Safety Score:   92/100 ✅
Risk Level:     SAFE
Recommendation: Safe to install
Threats:        None detected
Last Checked:   Feb 28, 2026
Vetted By:      Simply Semantics
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: simplysemantics
- Version: 1.0.1
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-05-08T14:57:11.216Z
- Expires at: 2026-05-15T14:57:11.216Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/semantic-shield)
- [Send to Agent page](https://openagent3.xyz/skills/semantic-shield/agent)
- [JSON manifest](https://openagent3.xyz/skills/semantic-shield/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/semantic-shield/agent.md)
- [Download page](https://openagent3.xyz/downloads/semantic-shield)