Tencent SkillHub · Developer Tools

Vigil

AI agent safety guardrails for tool calls. Use when (1) you want to validate agent tool calls before execution, (2) building agents that run shell commands, file operations, or API calls, (3) adding a safety layer to any MCP server or agent framework, (4) auditing what your agents are doing. Catches destructive commands, SSRF, SQL injection, path traversal, data exfiltration, prompt injection, and credential leaks. Zero dependencies, under 2ms.

skill openclawclawhub Free

0 Downloads

0 Stars

0 Installs

0 Score

High Signal

⬇ 0 downloads ★ 0 stars Unverified but indexed

Install for OpenClaw

Quick setup

Download the package from Yavira.
Extract the archive and review SKILL.md first.
Import or place the package into your OpenClaw setup.

Requirements

Target platform: OpenClaw
Install method: Manual import
Extraction: Extract archive
Prerequisites: OpenClaw
Primary doc: SKILL.md

Package facts

Download mode: Yavira redirect
Package format: ZIP package
Source platform: Tencent SkillHub
What's included: SKILL.md, _meta.json, scripts/vigil-check.js

Validation

Use the Yavira download entry.
Review SKILL.md after the package is downloaded.
Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

Download the package from Yavira.
Extract it into a folder your agent can access.
Paste one of the prompts below and point your agent at the extracted folder.

New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.

Open Send to Agent page Open JSON manifest Open Markdown brief

Trust & source

Release facts

Source: Tencent SkillHub
Verification: Indexed source record
Version: 0.1.1

Provenance

Publisher: RobinOppenstam
Source page: View original listing
Canonical URL: Open canonical page

Documentation

ClawHub primary doc Primary doc: SKILL.md 9 sections Open source page

Vigil — Agent Safety Guardrails

Validates what AI agents DO, not what they SAY. Drop-in safety layer for any tool-calling agent.

Prerequisites

This skill requires the vigil-agent-safety npm package (12.3KB, Apache 2.0 license): npm install vigil-agent-safety Source code: https://github.com/hexitlabs/vigil npm: https://www.npmjs.com/package/vigil-agent-safety The npm package has zero runtime dependencies. This skill is a wrapper that calls that package.

Quick Start

import { checkAction } from 'vigil-agent-safety'; const result = checkAction({ agent: 'my-agent', tool: 'exec', params: { command: 'rm -rf /' }, }); // result.decision === "BLOCK" // result.reason === "Destructive command pattern" // result.latencyMs === 0.3

What It Catches

Destructive commands (rm -rf, mkfs, reverse shells) → BLOCK SSRF (metadata endpoints, localhost, internal IPs) → BLOCK Data exfiltration (curl to external, .ssh/id_rsa access) → BLOCK SQL injection (DROP TABLE, UNION SELECT) → BLOCK Path traversal (../../../etc/shadow) → BLOCK Prompt injection (ignore instructions, [INST] tags) → BLOCK Encoding attacks (base64 decode, eval(atob())) → BLOCK Credential leaks (API keys, AWS keys, tokens) → ESCALATE 22 rules. Zero dependencies. Under 2ms per check.

Modes

import { configure } from 'vigil-agent-safety'; // warn = log violations but don't block (recommended to start) configure({ mode: 'warn' }); // enforce = block dangerous calls configure({ mode: 'enforce' }); // log = silent logging only configure({ mode: 'log' });

Use with Clawdbot

Add Vigil as a safety layer for your agent tool calls. The scripts/vigil-check.js wrapper lets you validate from the command line: # Check a tool call node scripts/vigil-check.js exec '{"command":"rm -rf /"}' # → BLOCK: Destructive command pattern # Check a safe call node scripts/vigil-check.js read '{"path":"./README.md"}' # → ALLOW

Policies

Load built-in policy templates: import { loadPolicy } from 'vigil-agent-safety'; loadPolicy('restrictive'); // Tightest rules loadPolicy('moderate'); // Balanced (default) loadPolicy('permissive'); // Minimal blocking

CLI

npx vigil-agent-safety check --tool exec --params '{"command":"ls -la"}' npx vigil-agent-safety policies

Links

GitHub: https://github.com/hexitlabs/vigil npm: https://www.npmjs.com/package/vigil-agent-safety Docs: https://hexitlabs.com/vigil

Category context

Code helpers, APIs, CLIs, browser automation, testing, and developer operations.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package

1 Docs1 Scripts1 Config

SKILL.md Primary doc
scripts/vigil-check.js Scripts
_meta.json Config