skills-firewall_skill

This skill automatically blocks and filters potentially harmful skills by scanning code patterns and enforcing security policies.
  • Python

2.5k

GitHub Stars

3

Bundled Files

2 months ago

Catalog Refreshed

3 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill skills-firewall

  • _meta.json283 B
  • security_report.html4.4 KB
  • SKILL.md4.8 KB

Overview

This skill provides a security firewall for AI skills that automatically blocks and filters malicious or potentially harmful code. It inspects skill archives and source files, assigns threat levels, and enforces allow/block/quarantine decisions. It is designed for scanning, filtering, reporting, and managing allowed or blocked skill lists.

How this skill works

The firewall analyzes skill code and metadata against a configurable set of detection rules and malicious patterns (e.g., eval, subprocess with shell, hardcoded credentials). It produces a threat level (SAFE, LOW, MEDIUM, HIGH, CRITICAL) and a recommended action (allow, warn, block, quarantine). Results can be exported as text, JSON, or HTML reports and integrated into automation pipelines.

When to use it

  • Scan a single skill before installation or execution
  • Batch-scan an archive or directory of skills for security threats
  • Filter skills during CI/CD or marketplace ingestion
  • Generate security reports for audits or compliance
  • Manage and enforce allowed/blocked/quarantine lists for deployed environments

Best practices

  • Scan every new or updated skill before use
  • Treat HIGH and CRITICAL findings as blockers and quarantine immediately
  • Keep detection patterns and rules up to date to reflect new threat techniques
  • Document reasons for exceptions when allowing warned skills
  • Use exported reports (JSON/HTML) for audits and automation

Example use cases

  • Pre-installation scan: check a downloaded skill for code injection or credential leaks
  • Marketplace moderation: batch-filter thousands of archived skills before publishing
  • CI integration: fail builds that include skills flagged as HIGH or CRITICAL
  • Compliance reporting: generate HTML/JSON reports for security reviews
  • Operations: maintain allowed and blocked skill lists and quarantine directory for manual review

FAQ

The firewall outputs human-readable text, structured JSON, and HTML reports for integration and auditing.

How are threat levels determined?

Threat levels are derived from matched detection categories and rule severity. Rules map patterns (e.g., eval, os.system, hardcoded keys) to actions and severity to assign SAFE through CRITICAL ratings.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational