safe-fuzzer
Sandbox-only behavior-led gray-box skill fuzzer. Spawns a worker subagent, probes an installed target skill, deploys honeypot fixtures, and returns a structured JSON risk report.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/archidoge0/safe-fuzzer-skillWhat This Skill Does
The SAFE Fuzzer is a specialized, behavior-led gray-box security auditing tool designed exclusively for the OpenClaw agent ecosystem. Unlike standard functional testers, this skill operates by orchestrating a parent-child relationship where a parent agent monitors a sandbox-confined worker subagent. This worker systematically probes installed target skills by injecting test payloads, deploying honeypot fixtures, and observing subsequent file, network, and shell-level activities. By simulating attack vectors and edge cases, the SAFE Fuzzer generates structured risk reports that identify potential vulnerabilities or unintended side effects in your custom skills before they are deployed to production.
Installation
To install this skill, use the OpenClaw command-line interface within your terminal:
clawhub install openclaw/skills/skills/archidoge0/safe-fuzzer-skill
Ensure that your OpenClaw environment is configured with sandboxing enabled before attempting installation, as this skill strictly enforces safety gate checks at runtime.
Use Cases
- Security Hardening: Audit newly developed skills to ensure they do not perform unauthorized file system access or unexpected network calls.
- Compliance Audits: Verify that third-party skills respect sandbox boundaries and do not attempt to reach out to forbidden host resources.
- Robustness Testing: Stress-test error handling in skill logic by providing boundary-condition inputs during the fuzzer's automated probe cycles.
- CI/CD Integration: Incorporate the SAFE Fuzzer into your development pipeline to perform automated risk assessments on every pull request involving skill modifications.
Example Prompts
- "/safe_fuzzer target=file-cleaner preset=balanced notes='Checking for unauthorized file system writes during cleanup.'"
- "/skill safe-fuzzer target=api-aggregator preset=max notes='Comprehensive fuzzing for edge-case payloads.'"
- "/safe_fuzzer target=local-search-engine preset=min"
Tips & Limitations
- Safety First: The fuzzer will strictly refuse execution unless your agent environment is fully sandboxed. Always run under
sandbox.mode: 'all'. - Preset Selection: Use
minfor quick sanity checks during development, and reservemaxfor thorough, pre-deployment security audits. Remember thatmaxrequires significantly longer execution times. - Scope: The fuzzer operates entirely within the workspace sandbox. It cannot verify security properties outside of the virtualized environment. Never use this tool to attempt to bypass local host security or to access sensitive configuration files like
.openclaw/openclaw.json.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-archidoge0-safe-fuzzer-skill": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: network-access, file-write, file-read, code-execution
Related Skills
safe-bootstrapper
Deterministic setup and remediation helper for installed OpenClaw skills. Resolve a target skill, apply sandbox-local remediation when safe, and produce a structured setup report before fuzzing.
safe-fuzzer
Sandbox-only behavior-led gray-box skill fuzzer. Spawns a worker subagent, probes an installed target skill, deploys honeypot fixtures, and returns a structured JSON risk report.