skill-shield_skill

This skill analyzes a skill directory for security and compliance, delivering a safety rating and actionable recommendations before installation.
  • Python

2.5k

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill skill-shield

  • _meta.json633 B
  • SKILL.md7.0 KB

Overview

This skill is a security audit tool that scans a skill directory for dangerous patterns, permission mismatches, and obfuscation. It provides separate Security and Compliance ratings and produces JSON and Markdown reports to guide install decisions. v0.3.0 improves false-positive filtering and marks documentation-only skills distinctly.

How this skill works

The scanner walks the skill directory and applies 65 detection patterns across categories like code execution, network exfiltration, file deletion, secrets access, persistence, and obfuscation. It decodes common encodings, re-scans decoded content, and rates findings with CWE references and adjusted severities based on context. A permission-declaration audit compares tools used in code against those listed in the skill documentation, producing a Compliance rating separate from the Security rating.

When to use it

  • Before installing a new skill to get a safety recommendation
  • During code reviews to surface dangerous patterns and undocumented permissions
  • As part of an audit to verify declared permissions versus actual usage
  • When validating archived or third-party skills for safe inclusion
  • To detect obfuscated payloads or hidden behaviors in packages

Best practices

  • Run the scanner locally on the extracted skill directory before installation
  • Review 'install_with_review' or 'review_required' findings manually and verify context
  • Keep documented tool and permission lists up to date so Compliance rating reflects reality
  • Treat obfuscated or decoded matches with higher severity and investigate immediately
  • Use the JSON output to integrate findings into CI or automated review pipelines

Example use cases

  • Automated pre-install hook that blocks installation on 'do_not_install' verdicts
  • Periodic audit of archived skill collections to flag new high-risk findings
  • Developer workflow check that warns when code uses undeclared external tools or environment access
  • Security triage: prioritize remediation by CWE, severity, and whether detection came from decoded content

FAQ

Security rates executable code patterns found in files; Compliance measures whether tools used by the code are declared in the skill documentation.

How does the tool reduce false positives?

It lowers severity for matches inside comments, documentation code blocks, and common benign patterns (template literals, variable names, normal environment access), and skips scanner pattern definitions.

How are obfuscated findings handled?

Encoded content is decoded then re-scanned; matches from decoded data receive elevated severity and are highlighted for review.

What outputs are produced?

The scanner prints a JSON block and a Markdown block to stdout and can write report.json and report.md to an output directory for archival or automation.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational