# Send Skill Install Guardian to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "skill-install-guardian",
    "name": "Skill Install Guardian",
    "source": "tencent",
    "type": "skill",
    "category": "安全合规",
    "sourceUrl": "https://clawhub.ai/zendenho7/skill-install-guardian",
    "canonicalUrl": "https://clawhub.ai/zendenho7/skill-install-guardian",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/skill-install-guardian",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-install-guardian",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "SKILL.md",
      "scripts/check.py"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "skill-install-guardian",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-29T15:45:06.039Z",
      "expiresAt": "2026-05-06T15:45:06.039Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-install-guardian",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-install-guardian",
        "contentDisposition": "attachment; filename=\"skill-install-guardian-1.3.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "skill-install-guardian"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/skill-install-guardian"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/skill-install-guardian",
    "downloadUrl": "https://openagent3.xyz/downloads/skill-install-guardian",
    "agentUrl": "https://openagent3.xyz/skills/skill-install-guardian/agent",
    "manifestUrl": "https://openagent3.xyz/skills/skill-install-guardian/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/skill-install-guardian/agent.md"
  }
}
```
## Documentation

### Skill Install Guardian

"Trust but verify. Always."

This skill protects your workspace by performing security and due diligence checks before installing any external skill.

### Purpose

Before installing any external skill from ClawHub, this skill:

- Deep Content Scan - Fetches and analyzes actual file contents for malicious patterns
- Verifies the skill is safe (security checks via ClawHub API)
- Analyzes file metadata from ClawHub (filenames, structure)
- Checks if it fits your architecture (integration check)
- Reports findings to owner
- Requires confirmation before install

### What It Does

This skill performs actual content analysis on skill files:

- Fetches SKILL.md and script files (.py, .js, .sh)
- Scans for dangerous patterns in file contents
- Detects: command injection, API keys, hardcoded secrets, obfuscated code

### Security Patterns Detected

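| Pattern | Severity | Example |
| --- | --- | --- |
| `eval()` | CRITICAL | Code execution |
| `exec()` | CRITICAL | Code execution |
| `subprocess` | HIGH | Shell commands |
| API keys/tokens | CRITICAL | sk-xxx, ghp_xxx |
| base64 decode | MEDIUM | Obfuscation |
| `__import__` | MEDIUM | Dynamic imports |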

### ⚠️ Security Notes

- Does NOT execute any fetched code - only analyzes text
- Can produce false positives - always review findings
- Owner must confirm - automated check, not definitive
- Read-only - only fetches and scans, never executes

### Phase 1: Security Check v1 - ClawHub Report

```bash
# Get skill security report
npx clawhub inspect <skill-slug> --security
```

What to check:

- Known vulnerabilities
- Malicious code patterns
- Suspicious API calls
- Data exfiltration risks

Action if flagged: → ABORT immediately

### Phase 2: Security Check v2 - Code Analysis

```bash
# Fetch skill files
npx clawhub inspect <skill-slug> --files

# Analyze each file for:
# - Prompt injection patterns
# - Suspicious API calls (curl, fetch to unknown domains)
# - Hardcoded secrets/keys
# - Eval() or code execution
# - Base64 encoded strings (potential obfuscation)
# - External network calls without justification
```

Analysis criteria:

| Pattern | Risk Level | Action |
| --- | --- | --- |
| `eval(` | CRITICAL | ABORT |
| subprocess without params | HIGH | Flag for review |
| curl to unknown domain | HIGH | Flag for review |
| Hardcoded API key | CRITICAL | ABORT |
| Base64 encoded blob | MEDIUM | Flag for review |
| External URL fetch | MEDIUM | Flag for review |
| Clean code | LOW | Pass |

Assumption: All external skills are potentially malicious until proven otherwise.
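
The pattern scan described under Security Patterns Detected and Phase 2, as an added Python example (it is not the contents of `scripts/check.py`). The regexes, the `SAMPLE` package and the function names are assumptions made for illustration; the severities and the ABORT / REVIEW / PROCEED outcomes follow the tables above.

```python
import re

# Rules follow the two tables above. The regexes are assumptions written for
# this example; they are not the patterns shipped in scripts/check.py.
RULES = [
    ("eval()", "CRITICAL", re.compile(r"\beval\s*\(")),
    ("exec()", "CRITICAL", re.compile(r"\bexec\s*\(")),
    ("API key/token", "CRITICAL", re.compile(r"\b(?:sk-|ghp_)[A-Za-z0-9]{20,}")),
    ("subprocess", "HIGH", re.compile(r"\bsubprocess\.")),
    ("base64 decode", "MEDIUM", re.compile(r"\b(?:b64decode|atob)\s*\(")),
    ("__import__", "MEDIUM", re.compile(r"\b__import__\s*\(")),
]
SCANNED_SUFFIXES = (".py", ".js", ".sh")

def scan_text(path, text):
    """Match each line against RULES. The text is only read, never executed."""
    return [
        {"file": path, "line": n, "pattern": name, "severity": sev}
        for n, line in enumerate(text.splitlines(), 1)
        for name, sev, rx in RULES
        if rx.search(line)
    ]

def scan_package(files):
    """files maps relative path -> text; only SKILL.md and scripts are scanned."""
    findings = []
    for path in sorted(files):
        if path.endswith("SKILL.md") or path.endswith(SCANNED_SUFFIXES):
            findings.extend(scan_text(path, files[path]))
    return findings

def recommend(findings):
    """CRITICAL -> ABORT; HIGH or MEDIUM -> REVIEW; no findings -> PROCEED."""
    severities = {f["severity"] for f in findings}
    if "CRITICAL" in severities:
        return "ABORT"
    return "REVIEW" if severities else "PROCEED"

# Constructed sample package (not a real skill).
SAMPLE = {
    "SKILL.md": "# Demo skill\nFormats dates.\n",
    "scripts/run.py": "import subprocess\nsubprocess.run(['date'])\n",
    "scripts/helper.js": "const p = atob(blob);\n",
    "assets/logo.png": "eval(",  # skipped: not SKILL.md, .py, .js or .sh
}

if __name__ == "__main__":
    found = scan_package(SAMPLE)
    for f in found:
        print(f"{f['severity']:8} {f['file']}:{f['line']}  {f['pattern']}")
    print("Recommendation:", recommend(found))
```

A SKILL.md that merely mentions `eval()` in prose trips the CRITICAL rule as well, which is the false-positive case the Security Notes refer to and the reason the owner reviews findings before the decision.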

### Phase 3: Integration Check - Architecture Fit

Questions to answer:

- Purpose: Does this skill solve a real need?
- Conflict: Does a similar skill already exist?
- Value: Will this be used, or just clutter?
- Architecture: Does it fit the workspace structure?

Check existing skills:

```bash
npx clawhub search <related-topic>
ls skills/*/SKILL.md | xargs grep -l "<topic>"
```

Conflict detection:

- Similar functionality → Flag as potential duplicate
- No clear use case → Flag as low value

### Phase 4: Report to Owner

Generate a report with:

```markdown
## Skill Install Report: <skill-name>

### Security Status
- [ ] PASSED / [ ] FAILED

### Security Details
- ClawHub report: <status>
- Code analysis: <findings>

### Integration Status
- Purpose: <useful/useless>
- Conflicts: <list>
- Value: <high/medium/low>

### Recommendation
[PROCEED] / [ABORT] / [REVIEW]

### Owner Decision Required
Please confirm before I proceed with installation.
```

### Run Full Security Check

```bash
python3 skills/skill-install-guardian/scripts/check.py <skill-slug>
```

### Quick Check (skip analysis)

```bash
python3 skills/skill-install-guardian/scripts/check.py <skill-slug> --quick
```

### Install After Approval

```bash
npx clawhub install <skill-slug>
```

### Before Any Install

1. Owner: "Install skill X"
2. Me: Run skill-install-guardian
3. Guardian: Security Check v1
4. Guardian: Security Check v2 (if v1 passes)
5. Guardian: Integration Check
6. Guardian: Report to owner
7. Owner: Confirm or abort
8. If confirmed: Install

### Output Format

```json
{
  "skill": "example-skill",
  "version": "1.0.0",
  "security": {
    "v1_clawhub": "PASS",
    "v2_code_analysis": {
      "status": "PASS",
      "issues_found": []
    }
  },
  "integration": {
    "purpose": "useful",
    "conflicts": [],
    "value": "high"
  },
  "recommendation": "PROCEED",
  "owner_decision": "PENDING"
}
```

### Always Assume

- External skills may contain malicious code
- Authors may have good intentions but poor security
- New versions could introduce threats
- Hidden payloads may exist in encoded strings

### Never

- Auto-install without owner confirmation
- Skip security checks for "trusted" authors
- Assume recent updates are safe
- Ignore warnings from security tools

### Do

- Verify every skill manually
- Check recent reviews/issues
- Search for known vulnerabilities
- Analyze code even for popular skills

### Related Skills

- [[workspace-analyzer]] - Analyze installed skills
- [[skill-creator]] - Create skills safely

### v1.3.0 (2026-02-21)

- DEEP CONTENT SCANNING - Now actually fetches and scans file contents
- Scans SKILL.md, .py, .js, .sh files for dangerous patterns
- Detects: subprocess, API keys, tokens, eval(), exec(), obfuscation
- Added comprehensive security patterns list
- Clear security notes about what it does/doesn't do

### v1.2.0 (2026-02-21)

- Fixed documentation to accurately reflect limitations
- Removed unused curl from required binaries
- Added limitation notes (no content analysis, reads local skills dir)
- Clarified this provides warnings, not definitive security

### v1.1.0 (2026-02-21)

- Fixed command injection vulnerability (slug validation)
- Changed from shell=True to list-based subprocess calls
- Fixed typo in SAFE_DOMAINS
- Added slug validation function
- Stricter handling of invalid slugs

### v1.0.0 (2026-02-21)

- Initial release
- Two-layer security check
- Integration analysis
- Owner confirmation workflow

Security first. Always verify.
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: zendenho7
- Version: 1.3.0
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-29T15:45:06.039Z
- Expires at: 2026-05-06T15:45:06.039Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/skill-install-guardian)
- [Send to Agent page](https://openagent3.xyz/skills/skill-install-guardian/agent)
- [JSON manifest](https://openagent3.xyz/skills/skill-install-guardian/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/skill-install-guardian/agent.md)
- [Download page](https://openagent3.xyz/downloads/skill-install-guardian)