{ "schemaVersion": "1.0", "item": { "slug": "skill-install-guardian", "name": "Skill Install Guardian", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/zendenho7/skill-install-guardian", "canonicalUrl": "https://clawhub.ai/zendenho7/skill-install-guardian", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/skill-install-guardian", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-install-guardian", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "scripts/check.py" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/skill-install-guardian" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/skill-install-guardian", "agentPageUrl": "https://openagent3.xyz/skills/skill-install-guardian/agent", "manifestUrl": "https://openagent3.xyz/skills/skill-install-guardian/agent.json", "briefUrl": "https://openagent3.xyz/skills/skill-install-guardian/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Skill Install Guardian", "body": "\"Trust but verify. Always.\"\n\nThis skill protects your workspace by performing security and due diligence checks before installing any external skill." }, { "title": "Purpose", "body": "Before installing any external skill from ClawHub, this skill:\n\nDeep Content Scan - Fetches and analyzes actual file contents for malicious patterns\nVerifies the skill is safe (security checks via ClawHub API)\nAnalyzes file metadata from ClawHub (filenames, structure)\nChecks if it fits your architecture (integration check)\nReports findings to owner\nRequires confirmation before install" }, { "title": "What It Does", "body": "This skill performs actual content analysis on skill files:\n\nFetches SKILL.md and script files (.py, .js, .sh)\nScans for dangerous patterns in file contents\nDetects: command injection, API keys, hardcoded secrets, obfuscated code" }, { "title": "Security Patterns Detected", "body": "PatternSeverityExampleeval()CRITICALCode executionexec()CRITICALCode executionsubprocessHIGHShell commandsAPI keys/tokensCRITICALsk-xxx, ghp_xxxbase64 decodeMEDIUMObfuscation__import__MEDIUMDynamic imports" }, { "title": "⚠️ Security Notes", "body": "Does NOT execute any fetched code - only analyzes text\nCan produce false positives - always review findings\nOwner must confirm - automated check, not definitive\nRead-only - only fetches and scans, never executes" }, { "title": "Phase 1: Security Check v1 - ClawHub Report", "body": "# Get skill security report\nnpx clawhub inspect --security\n\nWhat to check:\n\nKnown vulnerabilities\nMalicious code patterns\nSuspicious API calls\nData exfiltration risks\n\nAction if flagged: → ABORT immediately" }, { "title": "Phase 2: Security Check v2 - Code Analysis", "body": "# Fetch skill files\nnpx clawhub inspect --files\n\n# Analyze each file for:\n# - Prompt injection patterns\n# - Suspicious API calls (curl, fetch to unknown domains)\n# - Hardcoded secrets/keys\n# - Eval() or code execution\n# - Base64 encoded strings (potential obfuscation)\n# - External network calls without justification\n\nAnalysis criteria:\n\nPatternRisk LevelActioneval(CRITICALABORTsubprocess without paramsHIGHFlag for reviewcurl to unknown domainHIGHFlag for reviewHardcoded API keyCRITICALABORTBase64 encoded blobMEDIUMFlag for reviewExternal URL fetchMEDIUMFlag for reviewClean codeLOWPass\n\nAssumption: All external skills are potentially malicious until proven otherwise." }, { "title": "Phase 3: Integration Check - Architecture Fit", "body": "Questions to answer:\n\nPurpose: Does this skill solve a real need?\nConflict: Does a similar skill already exist?\nValue: Will this be used, or just clutter?\nArchitecture: Does it fit the workspace structure?\n\nCheck existing skills:\n\nnpx clawhub search \nls skills/*/SKILL.md | xargs grep -l \"\"\n\nConflict detection:\n\nSimilar functionality → Flag as potential duplicate\nNo clear use case → Flag as low value" }, { "title": "Phase 4: Report to Owner", "body": "Generate a report with:\n\n## Skill Install Report: \n\n### Security Status\n- [ ] PASSED / [ ] FAILED\n\n### Security Details\n- ClawHub report: \n- Code analysis: \n\n### Integration Status\n- Purpose: \n- Conflicts: \n- Value: \n\n### Recommendation\n[PROCEED] / [ABORT] / [REVIEW]\n\n### Owner Decision Required\nPlease confirm before I proceed with installation." }, { "title": "Run Full Security Check", "body": "python3 skills/skill-install-guardian/scripts/check.py " }, { "title": "Quick Check (skip analysis)", "body": "python3 skills/skill-install-guardian/scripts/check.py --quick" }, { "title": "Install After Approval", "body": "npx clawhub install " }, { "title": "Before Any Install", "body": "1. Owner: \"Install skill X\"\n2. Me: Run skill-install-guardian\n3. Guardian: Security Check v1\n4. Guardian: Security Check v2 (if v1 passes)\n5. Guardian: Integration Check\n6. Guardian: Report to owner\n7. Owner: Confirm or abort\n8. If confirmed: Install" }, { "title": "Output Format", "body": "{\n \"skill\": \"example-skill\",\n \"version\": \"1.0.0\",\n \"security\": {\n \"v1_clawhub\": \"PASS\",\n \"v2_code_analysis\": {\n \"status\": \"PASS\",\n \"issues_found\": []\n }\n },\n \"integration\": {\n \"purpose\": \"useful\",\n \"conflicts\": [],\n \"value\": \"high\"\n },\n \"recommendation\": \"PROCEED\",\n \"owner_decision\": \"PENDING\"\n}" }, { "title": "Always Assume", "body": "External skills may contain malicious code\nAuthors may have good intentions but poor security\nNew versions could introduce threats\nHidden payloads may exist in encoded strings" }, { "title": "Never", "body": "Auto-install without owner confirmation\nSkip security checks for \"trusted\" authors\nAssume recent updates are safe\nIgnore warnings from security tools" }, { "title": "Do", "body": "Verify every skill manually\nCheck recent reviews/issues\nSearch for known vulnerabilities\nAnalyze code even for popular skills" }, { "title": "Related Skills", "body": "[[workspace-analyzer]] - Analyze installed skills\n[[skill-creator]] - Create skills safely" }, { "title": "v1.3.0 (2026-02-21)", "body": "DEEP CONTENT SCANNING - Now actually fetches and scans file contents\nScans SKILL.md, .py, .js, .sh files for dangerous patterns\nDetects: subprocess, API keys, tokens eval(), exec(),, obfuscation\nAdded comprehensive security patterns list\nClear security notes about what it does/doesn't do" }, { "title": "v1.2.0 (2026-02-21)", "body": "Fixed documentation to accurately reflect limitations\nRemoved unused curl from required binaries\nAdded limitation notes (no content analysis, reads local skills dir)\nClarified this provides warnings, not definitive security" }, { "title": "v1.1.0 (2026-02-21)", "body": "Fixed command injection vulnerability (slug validation)\nChanged from shell=True to list-based subprocess calls\nFixed typo in SAFE_DOMAINS\nAdded slug validation function\nStricter handling of invalid slugs" }, { "title": "v1.0.0 (2026-02-21)", "body": "Initial release\nTwo-layer security check\nIntegration analysis\nOwner confirmation workflow\n\nSecurity first. Always verify." } ], "body": "Skill Install Guardian\n\n\"Trust but verify. Always.\"\n\nThis skill protects your workspace by performing security and due diligence checks before installing any external skill.\n\nPurpose\n\nBefore installing any external skill from ClawHub, this skill:\n\nDeep Content Scan - Fetches and analyzes actual file contents for malicious patterns\nVerifies the skill is safe (security checks via ClawHub API)\nAnalyzes file metadata from ClawHub (filenames, structure)\nChecks if it fits your architecture (integration check)\nReports findings to owner\nRequires confirmation before install\nDeep Content Scanning\nWhat It Does\n\nThis skill performs actual content analysis on skill files:\n\nFetches SKILL.md and script files (.py, .js, .sh)\nScans for dangerous patterns in file contents\nDetects: command injection, API keys, hardcoded secrets, obfuscated code\nSecurity Patterns Detected\nPattern\tSeverity\tExample\neval()\tCRITICAL\tCode execution\nexec()\tCRITICAL\tCode execution\nsubprocess\tHIGH\tShell commands\nAPI keys/tokens\tCRITICAL\tsk-xxx, ghp_xxx\nbase64 decode\tMEDIUM\tObfuscation\n__import__\tMEDIUM\tDynamic imports\n⚠️ Security Notes\nDoes NOT execute any fetched code - only analyzes text\nCan produce false positives - always review findings\nOwner must confirm - automated check, not definitive\nRead-only - only fetches and scans, never executes\nWorkflow\nPhase 1: Security Check v1 - ClawHub Report\n# Get skill security report\nnpx clawhub inspect --security\n\n\nWhat to check:\n\nKnown vulnerabilities\nMalicious code patterns\nSuspicious API calls\nData exfiltration risks\n\nAction if flagged: → ABORT immediately\n\nPhase 2: Security Check v2 - Code Analysis\n# Fetch skill files\nnpx clawhub inspect --files\n\n# Analyze each file for:\n# - Prompt injection patterns\n# - Suspicious API calls (curl, fetch to unknown domains)\n# - Hardcoded secrets/keys\n# - Eval() or code execution\n# - Base64 encoded strings (potential obfuscation)\n# - External network calls without justification\n\n\nAnalysis criteria:\n\nPattern\tRisk Level\tAction\neval(\tCRITICAL\tABORT\nsubprocess without params\tHIGH\tFlag for review\ncurl to unknown domain\tHIGH\tFlag for review\nHardcoded API key\tCRITICAL\tABORT\nBase64 encoded blob\tMEDIUM\tFlag for review\nExternal URL fetch\tMEDIUM\tFlag for review\nClean code\tLOW\tPass\n\nAssumption: All external skills are potentially malicious until proven otherwise.\n\nPhase 3: Integration Check - Architecture Fit\n\nQuestions to answer:\n\nPurpose: Does this skill solve a real need?\nConflict: Does a similar skill already exist?\nValue: Will this be used, or just clutter?\nArchitecture: Does it fit the workspace structure?\n\nCheck existing skills:\n\nnpx clawhub search \nls skills/*/SKILL.md | xargs grep -l \"\"\n\n\nConflict detection:\n\nSimilar functionality → Flag as potential duplicate\nNo clear use case → Flag as low value\nPhase 4: Report to Owner\n\nGenerate a report with:\n\n## Skill Install Report: \n\n### Security Status\n- [ ] PASSED / [ ] FAILED\n\n### Security Details\n- ClawHub report: \n- Code analysis: \n\n### Integration Status\n- Purpose: \n- Conflicts: \n- Value: \n\n### Recommendation\n[PROCEED] / [ABORT] / [REVIEW]\n\n### Owner Decision Required\nPlease confirm before I proceed with installation.\n\nUsage\nRun Full Security Check\npython3 skills/skill-install-guardian/scripts/check.py \n\nQuick Check (skip analysis)\npython3 skills/skill-install-guardian/scripts/check.py --quick\n\nInstall After Approval\nnpx clawhub install \n\nIntegration with Workflow\nBefore Any Install\n1. Owner: \"Install skill X\"\n2. Me: Run skill-install-guardian\n3. Guardian: Security Check v1\n4. Guardian: Security Check v2 (if v1 passes)\n5. Guardian: Integration Check\n6. Guardian: Report to owner\n7. Owner: Confirm or abort\n8. If confirmed: Install\n\nOutput Format\n{\n \"skill\": \"example-skill\",\n \"version\": \"1.0.0\",\n \"security\": {\n \"v1_clawhub\": \"PASS\",\n \"v2_code_analysis\": {\n \"status\": \"PASS\",\n \"issues_found\": []\n }\n },\n \"integration\": {\n \"purpose\": \"useful\",\n \"conflicts\": [],\n \"value\": \"high\"\n },\n \"recommendation\": \"PROCEED\",\n \"owner_decision\": \"PENDING\"\n}\n\nSafety Principles\nAlways Assume\nExternal skills may contain malicious code\nAuthors may have good intentions but poor security\nNew versions could introduce threats\nHidden payloads may exist in encoded strings\nNever\nAuto-install without owner confirmation\nSkip security checks for \"trusted\" authors\nAssume recent updates are safe\nIgnore warnings from security tools\nDo\nVerify every skill manually\nCheck recent reviews/issues\nSearch for known vulnerabilities\nAnalyze code even for popular skills\nRelated Skills\n[[workspace-analyzer]] - Analyze installed skills\n[[skill-creator]] - Create skills safely\nChangelog\nv1.3.0 (2026-02-21)\nDEEP CONTENT SCANNING - Now actually fetches and scans file contents\nScans SKILL.md, .py, .js, .sh files for dangerous patterns\nDetects: subprocess, API keys, tokens eval(), exec(),, obfuscation\nAdded comprehensive security patterns list\nClear security notes about what it does/doesn't do\nv1.2.0 (2026-02-21)\nFixed documentation to accurately reflect limitations\nRemoved unused curl from required binaries\nAdded limitation notes (no content analysis, reads local skills dir)\nClarified this provides warnings, not definitive security\nv1.1.0 (2026-02-21)\nFixed command injection vulnerability (slug validation)\nChanged from shell=True to list-based subprocess calls\nFixed typo in SAFE_DOMAINS\nAdded slug validation function\nStricter handling of invalid slugs\nv1.0.0 (2026-02-21)\nInitial release\nTwo-layer security check\nIntegration analysis\nOwner confirmation workflow\n\nSecurity first. Always verify." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/zendenho7/skill-install-guardian", "publisherUrl": "https://clawhub.ai/zendenho7/skill-install-guardian", "owner": "zendenho7", "version": "1.3.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/skill-install-guardian", "downloadUrl": "https://openagent3.xyz/downloads/skill-install-guardian", "agentUrl": "https://openagent3.xyz/skills/skill-install-guardian/agent", "manifestUrl": "https://openagent3.xyz/skills/skill-install-guardian/agent.json", "briefUrl": "https://openagent3.xyz/skills/skill-install-guardian/agent.md" } }