{ "schemaVersion": "1.0", "item": { "slug": "skill-shield", "name": "Skill", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/yx2601816404-sys/skill-shield", "canonicalUrl": "https://clawhub.ai/yx2601816404-sys/skill-shield", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/skill-shield", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-shield", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "reports/report.json", "reports/report.md", "scripts/scan.py", "scripts/test_scan.py" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/skill-shield" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/skill-shield", "agentPageUrl": "https://openagent3.xyz/skills/skill-shield/agent", "manifestUrl": "https://openagent3.xyz/skills/skill-shield/agent.json", "briefUrl": "https://openagent3.xyz/skills/skill-shield/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Skill Shield v0.6.1 — Security Auditor", "body": "Scan any skill directory for permissions and dangerous patterns. Get a safety rating before you install." }, { "title": "Usage", "body": "Run the scanner on a skill directory:\n\npython3 scripts/scan.py /path/to/skill-directory" }, { "title": "SARIF Output (GitHub Code Scanning)", "body": "python3 scripts/scan.py /path/to/skill-directory --sarif" }, { "title": "Output", "body": "The script prints two blocks to stdout:\n\nA JSON report (between --- JSON START --- and --- JSON END --- markers)\nA Markdown report (between --- MD START --- and --- MD END --- markers)" }, { "title": "Save reports to files", "body": "python3 scripts/scan.py /path/to/skill-directory --output-dir /path/to/output\n\nThis creates report.json and report.md in the output directory." }, { "title": "Safety Ratings", "body": "GradeMeaningActionASafeInstall freelyBLow riskMinor concerns, generally safeCNeeds reviewReview flagged patterns before installingDHigh riskSignificant dangerous patterns detectedFDangerousDo not install without thorough manual review" }, { "title": "Detection Capabilities (65 patterns, 11 categories)", "body": "File deletion: rm -rf, shred, unlink, rmtree, rimraf, del /f (7 patterns)\nNetwork exfiltration: curl POST, wget --post, requests.post, fetch POST, netcat reverse shell, DNS exfil, pipe to curl, socat (9 patterns)\nEnvironment variable access: process.env, os.environ, .env files, printenv (5 patterns)\nSecret/key access: .ssh/, .gnupg/, private keys, wallets, tokens, passwords, keychain, cloud credentials (8 patterns)\nPrivilege escalation: sudo, su, chmod 777, chown, setuid/setgid, doas (6 patterns)\nCode execution: eval, exec(), Function(), child_process, subprocess, os.system, os.popen, compile (8 patterns)\nData collection: /etc/passwd, /etc/shadow, whoami, hostname, ifconfig, /proc/self (6 patterns)\nPersistence: crontab, systemd, rc.local, shell profile modification, autostart (5 patterns)\nObfuscation: long base64 strings, hex escapes, charCode, base64 decode, string reversal (5 patterns)\nCryptocurrency/mining: xmrig/minerd, mining pool URLs, wallet addresses (3 patterns)\nShell injection: backtick execution, pipe to shell, download-and-execute (3 patterns)" }, { "title": "Permission Declaration Audit (unique to skill-shield)", "body": "Compares tools declared in SKILL.md against tools actually used in code. Reports:\n\nUndeclared permissions with sensitivity scoring (1-5)\nUnused declared permissions\nDeclaration coverage ratio\nPer-tool risk recommendations" }, { "title": "Anti-Obfuscation Analysis", "body": "Automatically decodes base64 and hex-encoded content, then re-scans decoded output for dangerous patterns. Obfuscated findings receive elevated severity." }, { "title": "Context-Aware False Positive Reduction", "body": "Comments and docstrings: severity reduced by 2\nMarkdown code blocks in SKILL.md: severity reduced by 2 (examples, not real code)\nPattern definition lines in scanner source: skipped entirely\nOriginal vs adjusted severity shown in reports (e.g., \"Low (2←4)\")" }, { "title": "CWE References", "body": "Every detection pattern includes a CWE (Common Weakness Enumeration) reference for professional vulnerability classification." }, { "title": "Batch Scanning", "body": "Scan all skills in a directory at once with --batch:\n\npython3 scripts/scan.py /path/to/skills/ --batch\npython3 scripts/scan.py /path/to/skills/ --batch --json-summary\npython3 scripts/scan.py /path/to/skills/ --batch --json-summary -o /path/to/output" }, { "title": "Performance", "body": "Skips venv/node_modules/dist/.git directories automatically\nCaps at 200 script files per skill for safety\n164 skills scanned in ~8 seconds" }, { "title": "Output", "body": "Markdown table with summary stats and per-skill ratings (default)\nJSON summary with --json-summary flag for machine consumption\nWrites batch-summary.json when using -o" }, { "title": "GitHub Code Scanning Integration", "body": "Use --sarif flag to output SARIF 2.1.0 format, compatible with:\n\nGitHub Code Scanning (upload-sarif action)\nVS Code SARIF Viewer extension\nSARIF Web Viewer\n\npython3 scripts/scan.py /path/to/skill --sarif > report.sarif\npython3 scripts/scan.py /path/to/skill --sarif -o /path/to/output" }, { "title": "SARIF Features", "body": "Full rule definitions for all 65 detection patterns\nCWE taxonomy references (MITRE CWE 4.14)\nPartial fingerprints for deduplication across runs\nSecurity severity scores (2.0-10.0 scale)\nSkill-shield metadata in run properties (ratings, recommendation)" }, { "title": "String Literal Context Detection", "body": "Regex patterns and string constants inside security tools (scanners, auditors) are no longer flagged as dangerous code. The scanner now recognizes when a pattern like rm -rf or curl POST appears inside a string literal (quotes, regex, array) and reduces severity accordingly." }, { "title": "Ignore-Next-Line Support", "body": "Add # skill-shield: ignore-next-line above any line to suppress the next finding. Useful for known-safe patterns in security tools." }, { "title": "Results", "body": "5 security audit tools reclassified from F to A/C/D (agents-skill-security-audit, ai-skill-scanner, skulk-skill-scanner, aoi-prompt-injection-sentinel, aoi-sandbox-shield-lite)\n0 regressions on known-safe skills" }, { "title": "Security Rating (code safety)", "body": "Based purely on dangerous code patterns found in executable files. Not affected by permission declarations." }, { "title": "Compliance Rating (documentation quality)", "body": "Based on permission declaration completeness: does SKILL.md declare the tools actually used in code?" }, { "title": "Recommendation", "body": "Combines both ratings into an actionable recommendation:\n\ninstall — Security A/B + Compliance A/B\ninstall_with_review — Code is safe but permissions undeclared (likely poor docs, not malicious)\nreview_required — Security patterns flagged\ndo_not_install — Significant security concerns\ndocumentation_only — No executable code (pure SKILL.md guidance)" }, { "title": "False Positive Fixes (v0.3.0)", "body": "JS template literals (backticks) no longer flagged as shell execution\nVariable names (hostname, whoami) no longer flagged as commands\nShell script normal $VAR usage no longer floods findings\nos.environ.get(\"KEY\") / process.env.KEY reduced severity (standard practice)\n--disable-setuid-sandbox (browser flag) reduced severity\nDocumentation-only skills marked as N/A instead of getting A rating" }, { "title": "Exit Codes", "body": "CodeRatingsMeaning0A, BSafe to install1C, DReview recommended2FDo not install" }, { "title": "Support", "body": "Tips welcome: 0x6c730bDcfC762e23cE53aD991B75ab9852e87806 (Base)\nMoltbook: https://www.moltbook.com/u/Yuqian\nTwitter: @Yuqian0202" } ], "body": "Skill Shield v0.6.1 — Security Auditor\n\nScan any skill directory for permissions and dangerous patterns. Get a safety rating before you install.\n\nUsage\n\nRun the scanner on a skill directory:\n\npython3 scripts/scan.py /path/to/skill-directory\n\nSARIF Output (GitHub Code Scanning)\npython3 scripts/scan.py /path/to/skill-directory --sarif\n\nOutput\n\nThe script prints two blocks to stdout:\n\nA JSON report (between --- JSON START --- and --- JSON END --- markers)\nA Markdown report (between --- MD START --- and --- MD END --- markers)\nSave reports to files\npython3 scripts/scan.py /path/to/skill-directory --output-dir /path/to/output\n\n\nThis creates report.json and report.md in the output directory.\n\nSafety Ratings\nGrade\tMeaning\tAction\nA\tSafe\tInstall freely\nB\tLow risk\tMinor concerns, generally safe\nC\tNeeds review\tReview flagged patterns before installing\nD\tHigh risk\tSignificant dangerous patterns detected\nF\tDangerous\tDo not install without thorough manual review\nDetection Capabilities (65 patterns, 11 categories)\nFile deletion: rm -rf, shred, unlink, rmtree, rimraf, del /f (7 patterns)\nNetwork exfiltration: curl POST, wget --post, requests.post, fetch POST, netcat reverse shell, DNS exfil, pipe to curl, socat (9 patterns)\nEnvironment variable access: process.env, os.environ, .env files, printenv (5 patterns)\nSecret/key access: .ssh/, .gnupg/, private keys, wallets, tokens, passwords, keychain, cloud credentials (8 patterns)\nPrivilege escalation: sudo, su, chmod 777, chown, setuid/setgid, doas (6 patterns)\nCode execution: eval, exec(), Function(), child_process, subprocess, os.system, os.popen, compile (8 patterns)\nData collection: /etc/passwd, /etc/shadow, whoami, hostname, ifconfig, /proc/self (6 patterns)\nPersistence: crontab, systemd, rc.local, shell profile modification, autostart (5 patterns)\nObfuscation: long base64 strings, hex escapes, charCode, base64 decode, string reversal (5 patterns)\nCryptocurrency/mining: xmrig/minerd, mining pool URLs, wallet addresses (3 patterns)\nShell injection: backtick execution, pipe to shell, download-and-execute (3 patterns)\nKey Features\nPermission Declaration Audit (unique to skill-shield)\n\nCompares tools declared in SKILL.md against tools actually used in code. Reports:\n\nUndeclared permissions with sensitivity scoring (1-5)\nUnused declared permissions\nDeclaration coverage ratio\nPer-tool risk recommendations\nAnti-Obfuscation Analysis\n\nAutomatically decodes base64 and hex-encoded content, then re-scans decoded output for dangerous patterns. Obfuscated findings receive elevated severity.\n\nContext-Aware False Positive Reduction\nComments and docstrings: severity reduced by 2\nMarkdown code blocks in SKILL.md: severity reduced by 2 (examples, not real code)\nPattern definition lines in scanner source: skipped entirely\nOriginal vs adjusted severity shown in reports (e.g., \"Low (2←4)\")\nCWE References\n\nEvery detection pattern includes a CWE (Common Weakness Enumeration) reference for professional vulnerability classification.\n\nv0.6.0 — Batch Scan Mode\nBatch Scanning\n\nScan all skills in a directory at once with --batch:\n\npython3 scripts/scan.py /path/to/skills/ --batch\npython3 scripts/scan.py /path/to/skills/ --batch --json-summary\npython3 scripts/scan.py /path/to/skills/ --batch --json-summary -o /path/to/output\n\nPerformance\nSkips venv/node_modules/dist/.git directories automatically\nCaps at 200 script files per skill for safety\n164 skills scanned in ~8 seconds\nOutput\nMarkdown table with summary stats and per-skill ratings (default)\nJSON summary with --json-summary flag for machine consumption\nWrites batch-summary.json when using -o\nv0.5.0 — SARIF Output Format\nGitHub Code Scanning Integration\n\nUse --sarif flag to output SARIF 2.1.0 format, compatible with:\n\nGitHub Code Scanning (upload-sarif action)\nVS Code SARIF Viewer extension\nSARIF Web Viewer\npython3 scripts/scan.py /path/to/skill --sarif > report.sarif\npython3 scripts/scan.py /path/to/skill --sarif -o /path/to/output\n\nSARIF Features\nFull rule definitions for all 65 detection patterns\nCWE taxonomy references (MITRE CWE 4.14)\nPartial fingerprints for deduplication across runs\nSecurity severity scores (2.0-10.0 scale)\nSkill-shield metadata in run properties (ratings, recommendation)\nv0.4.0 — Security Tool False Positive Fix\nString Literal Context Detection\n\nRegex patterns and string constants inside security tools (scanners, auditors) are no longer flagged as dangerous code. The scanner now recognizes when a pattern like rm -rf or curl POST appears inside a string literal (quotes, regex, array) and reduces severity accordingly.\n\nIgnore-Next-Line Support\n\nAdd # skill-shield: ignore-next-line above any line to suppress the next finding. Useful for known-safe patterns in security tools.\n\nResults\n5 security audit tools reclassified from F to A/C/D (agents-skill-security-audit, ai-skill-scanner, skulk-skill-scanner, aoi-prompt-injection-sentinel, aoi-sandbox-shield-lite)\n0 regressions on known-safe skills\nv0.3.0 — Dual Rating System\nSecurity Rating (code safety)\n\nBased purely on dangerous code patterns found in executable files. Not affected by permission declarations.\n\nCompliance Rating (documentation quality)\n\nBased on permission declaration completeness: does SKILL.md declare the tools actually used in code?\n\nRecommendation\n\nCombines both ratings into an actionable recommendation:\n\ninstall — Security A/B + Compliance A/B\ninstall_with_review — Code is safe but permissions undeclared (likely poor docs, not malicious)\nreview_required — Security patterns flagged\ndo_not_install — Significant security concerns\ndocumentation_only — No executable code (pure SKILL.md guidance)\nFalse Positive Fixes (v0.3.0)\nJS template literals (backticks) no longer flagged as shell execution\nVariable names (hostname, whoami) no longer flagged as commands\nShell script normal $VAR usage no longer floods findings\nos.environ.get(\"KEY\") / process.env.KEY reduced severity (standard practice)\n--disable-setuid-sandbox (browser flag) reduced severity\nDocumentation-only skills marked as N/A instead of getting A rating\nExit Codes\nCode\tRatings\tMeaning\n0\tA, B\tSafe to install\n1\tC, D\tReview recommended\n2\tF\tDo not install\nSupport\n\nTips welcome: 0x6c730bDcfC762e23cE53aD991B75ab9852e87806 (Base) Moltbook: https://www.moltbook.com/u/Yuqian Twitter: @Yuqian0202" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/yx2601816404-sys/skill-shield", "publisherUrl": "https://clawhub.ai/yx2601816404-sys/skill-shield", "owner": "yx2601816404-sys", "version": "0.6.1", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/skill-shield", "downloadUrl": "https://openagent3.xyz/downloads/skill-shield", "agentUrl": "https://openagent3.xyz/skills/skill-shield/agent", "manifestUrl": "https://openagent3.xyz/skills/skill-shield/agent.json", "briefUrl": "https://openagent3.xyz/skills/skill-shield/agent.md" } }