Back to Registry
View Author Profile
Official Verified
Giraffe Guard
Skill by lida408
skill-install — Terminal
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/lida408/giraffe-guardOr
🦒 Giraffe Guard — 长颈鹿卫士
Scan OpenClaw skill directories for supply chain attacks and malicious code. 扫描 OpenClaw skill 目录,检测潜在的供应链投毒和恶意代码。
Features / 功能
- 22 security detection rules covering the full supply chain attack surface / 22 条检测规则,覆盖供应链攻击全链路
- Context-aware: distinguishes documentation from executable code, reducing false positives / 上下文感知:区分文档描述和实际可执行代码,降低误报
- Colored terminal output + JSON report output / 彩色终端输出 + JSON 格式报告
--verbosemode shows matching line context /--verbose模式显示匹配行上下文--skip-dirto exclude directories /--skip-dir跳过指定目录- Whitelist support / 白名单机制
- Compatible with macOS and Linux, zero external dependencies / 兼容 macOS 和 Linux,零外部依赖
Usage / 使用方法
Scan a skill directory / 扫描目录
{baseDir}/scripts/audit.sh /path/to/skills
Verbose mode / 详细模式
{baseDir}/scripts/audit.sh --verbose /path/to/skills
JSON report / JSON 报告
{baseDir}/scripts/audit.sh --json /path/to/skills
With whitelist / 使用白名单
{baseDir}/scripts/audit.sh --whitelist whitelist.txt /path/to/skills
Skip directories / 跳过目录
{baseDir}/scripts/audit.sh --skip-dir node_modules --skip-dir vendor /path/to/skills
Combined / 组合使用
{baseDir}/scripts/audit.sh --verbose --context 3 --whitelist whitelist.txt --skip-dir node_modules /path/to/skills
Detection Rules (22) / 检测规则
🔴 Critical / 严重级别
| # | Rule | EN | 中文 |
|---|---|---|---|
| 1 | pipe-execution | Pipe execution (curl/wget to bash) | 管道执行 |
| 2 | base64-decode-pipe | Base64 decoded and piped | Base64 解码管道执行 |
| 3 | security-bypass | macOS Gatekeeper/SIP bypass | 安全机制绕过 |
| 5 | tor-onion-address | Tor hidden service | 暗网地址 |
| 5 | reverse-shell | Reverse shell patterns | 反向 shell |
| 7 | file-type-disguise | Binary disguised as text | 文件类型伪装 |
| 8 | ssh-key-exfiltration | SSH key theft | SSH 密钥窃取 |
| 8 | cloud-credential-access | Cloud credential access | 云凭证访问 |
| 8 | env-exfiltration | Env vars sent over network | 环境变量外传 |
| 9 | anti-sandbox | Anti-debug/anti-sandbox | 反沙盒/反调试 |
| 10 | covert-downloader | One-liner downloaders | 单行下载器 |
| 11 | persistence-launchagent | macOS LaunchAgent | 持久化 |
| 13 | string-concat-bypass | String concatenation bypass | 字符串拼接绕过 |
| 15 | env-file-leak | .env with real secrets | .env 密钥泄露 |
| 16 | typosquat-npm/pip | Typosquatting packages | 包名仿冒 |
| 17 | malicious-postinstall | Malicious lifecycle scripts | 恶意生命周期脚本 |
| 18 | git-hooks | Active git hooks | 活跃 git hooks |
| 19 | sensitive-file-leak | Private keys/credentials | 私钥/凭证泄露 |
| 20 | skillmd-prompt-injection | Prompt injection in SKILL.md | SKILL.md prompt 注入 |
| 21 | dockerfile-privileged | Docker privileged mode | Docker 特权模式 |
| 22 | zero-width-chars | Zero-width Unicode chars | 零宽 Unicode 字符 |
Metadata
AI Skill Finder
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skill Add to Configuration
Paste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-lida408-giraffe-guard": {
"enabled": true,
"auto_update": true
}
}
}Safety NoteClawKit audits metadata but not runtime behavior. Use with caution.