giraffe-guard
Scan OpenClaw skill directories for supply chain attacks and malicious code.
Setup & Installation
Install command
clawhub install lida408/giraffe-guardIf the CLI is not installed:
Install command
npx clawhub@latest install lida408/giraffe-guardOr install with OpenClaw CLI:
Install command
openclaw skills install lida408/giraffe-guardor paste the repo link into your assistant's chat
Install command
https://github.com/openclaw/skills/tree/main/skills/lida408/giraffe-guardWhat This Skill Does
Scans OpenClaw skill directories for supply chain attacks and malicious code using 22 detection rules. Context-aware analysis distinguishes documentation from executable code to reduce false positives. Outputs colored terminal results or JSON reports.
Zero external dependencies means it runs on any macOS or Linux system without setup, unlike scanners that require language runtimes or package installs.
When to Use It
- Auditing a new third-party skill before installing it
- Running automated security checks in a CI pipeline for skill repos
- Identifying prompt injection attempts hidden in SKILL.md files
- Detecting typosquatted npm/pip packages bundled with skills
- Finding reverse shells or credential exfiltration patterns in skill scripts
Example Workflow
Here's how your AI assistant might use this skill in practice.
User asks: Auditing a new third-party skill before installing it
- 1Auditing a new third-party skill before installing it
- 2Running automated security checks in a CI pipeline for skill repos
- 3Identifying prompt injection attempts hidden in SKILL.md files
- 4Detecting typosquatted npm/pip packages bundled with skills
- 5Finding reverse shells or credential exfiltration patterns in skill scripts
Scan OpenClaw skill directories for supply chain attacks and malicious code.
Security Audits
These signals reflect official OpenClaw status values. A Suspicious status means the skill should be used with extra caution.