2.5k
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill arc-skill-differ- _meta.json288 B
- SKILL.md2.2 KB
Overview
This skill compares two versions of an OpenClaw skill to surface security-relevant changes before updating. It highlights new capabilities, file-level changes, and gives a simple safety recommendation (SAFE, REVIEW, BLOCK). Use it as a lightweight gate to avoid unintentionally installing malicious or risky updates.
How this skill works
The tool analyzes the old and new skill directories to detect introductions of network access, credential reads, filesystem operations, code execution patterns, data exfiltration, and obfuscation. It reports added, removed, and modified files, marks security-relevant diffs, and summarizes whether the new version introduces capabilities the previous version lacked. Output can be a detailed diff, JSON for automation, or a terse summary for quick decisions.
When to use it
- Before updating any third-party skill from an external source
- When applying a patch that claims only small fixes but could add new behavior
- As part of a CI pipeline to block risky skill updates automatically
- When an update adds new files or scripts you did not expect
- When a previously audited skill suddenly changes network or credential access
Best practices
- Always diff a new version against the installed version before updating
- Scan the new version with a static skill scanner and then diff to catch new patterns
- Treat any new credential, filesystem, or exec capability as REVIEW or BLOCK until audited
- Prefer JSON output for automated gates and use summary mode for human triage
- Pay special attention to newly added files and obfuscated or encoded content
Example use cases
- Compare v1.0 (audited) to v1.1 to confirm no new network or credential access was introduced
- Integrate into CI so any update that adds exec/eval patterns is flagged and blocked
- Generate a quick summary for an admin to decide whether to accept a community-contributed patch
- Export JSON diffs to a ticketing system for manual security review
- Detect when a bug-fix update unexpectedly adds outbound POST requests or new scripts
FAQ
SAFE means no new security-relevant capabilities were detected. REVIEW means new capabilities were added that require a human read of the changes. BLOCK means critical capabilities like credential access or arbitrary code execution were introduced and need a manual audit.
Can it detect obfuscated malicious payloads?
It flags newly added obfuscated or encoded content and unusual changes, but opaque obfuscation may require manual inspection or additional static analysis tools.