bomb-dog-sniff
Security-first skill management for OpenClaw - like a bomb-sniffing dog for skills. Sniffs out malicious payloads (crypto stealers, keyloggers, reverse shells) before installation. Quarantine → Scan → Install only the safe ones.
Why use this skill?
Safely install and audit OpenClaw skills with bomb-dog-sniff. Detect malware, keyloggers, and reverse shells before they hit your system.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/lvcidpsyche/skill-bomb-dog-sniff
What This Skill Does
bomb-dog-sniff acts as a critical security layer for the OpenClaw ecosystem, serving as a vigilant guardian that inspects third-party skills before they are executed. Operating on a 'Quarantine → Scan → Install' workflow, it detects malicious payloads that threaten system integrity, such as crypto stealers, unauthorized reverse shells, and persistent backdoors. Version 1.2.0 introduces advanced heuristic analysis, including entropy checks for obfuscated code, prototype pollution detection, and supply chain attack mitigation. It provides developers with granular visibility into potential vulnerabilities, assigning confidence levels to every finding to minimize false positives while maintaining a robust security posture.
Installation
Installation is managed directly through the OpenClaw CLI. To add this security utility to your agent, execute the following command in your terminal:
clawhub install openclaw/skills/skills/lvcidpsyche/skill-bomb-dog-sniff
Once installed, the tool is immediately available to scan local directories, audit existing installed skills, or verify new packages from external sources. No additional configuration is required for baseline protection.
Use Cases
- Pre-Install Verification: Automatically scan unknown skills downloaded from community repositories to ensure they are free of malicious scripts before letting them run within your agent environment.
- Security Auditing: Run periodic audits on existing installed skills to ensure no stale or potentially compromised code has introduced vulnerabilities over time.
- Corporate Compliance: Integrate into automated CI/CD pipelines for internal skill development to enforce security standards before deploying to production agents.
- Supply Chain Protection: Identify potential typosquatting or malicious dynamic requires in third-party dependencies.
Example Prompts
- "OpenClaw, please run a deep scan on the folder ./new-plugin using the bomb-dog-sniff skill and output the results as a JSON file for my audit logs."
- "Safely install the tool 'weather-report' from the hub; use bomb-dog-sniff to verify it doesn't contain any unauthorized network callbacks first."
- "Audit my current skill collection and identify any installed modules that trigger the 'systemd-persistence' or 'reverse-shell' detection patterns."
Tips & Limitations
- Threshold Tuning: Use the --threshold flag during scans. While the default is 40, sensitive environments may want to lower this to catch more subtle indicators of compromise.
- Binary Files: The tool skips binary files by design to prevent high false-positive rates; ensure you manually verify any blobs that the scanner cannot parse.
- Context Awareness: The scanner is optimized for source code; while it can detect many injection patterns, it should be used in conjunction with a sandbox or containerized environment for maximum safety.
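The entropy check and the binary-file skip mentioned above can be pictured with the following added example. It is not bomb-dog-sniff's own code: the function names, the 32-character minimum, the 4.5-bit cutoff and the NUL-byte test are assumptions chosen for illustration, and the sample input is constructed.

```javascript
// Shannon entropy in bits per character; 0 for an empty string.
function shannonEntropy(text) {
  const chars = [...text];
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let bits = 0;
  for (const n of counts.values()) bits -= (n / chars.length) * Math.log2(n / chars.length);
  return bits;
}

// Assumed heuristic: a NUL byte in the first 8000 bytes marks the file as binary.
function looksBinary(buf) {
  return buf.subarray(0, 8000).includes(0);
}

// Assumed tuning values for this example only.
const MIN_LITERAL_LENGTH = 32;
const ENTROPY_BITS = 4.5;

// Report long string literals whose character distribution looks packed or encoded.
function findHighEntropyLiterals(source) {
  const literal = /(["'`])((?:\\.|(?!\1)[^\\\n])*)\1/g;
  const findings = [];
  source.split('\n').forEach((text, idx) => {
    for (const m of text.matchAll(literal)) {
      if (m[2].length < MIN_LITERAL_LENGTH) continue;
      const entropy = Number(shannonEntropy(m[2]).toFixed(2));
      if (entropy >= ENTROPY_BITS) findings.push({ line: idx + 1, length: m[2].length, entropy });
    }
  });
  return findings;
}

// Binary content is skipped, not scanned, so it must be reviewed separately.
function scanBuffer(buf) {
  if (looksBinary(buf)) return { skipped: true, findings: [] };
  return { skipped: false, findings: findHighEntropyLiterals(buf.toString('utf8')) };
}

// Constructed sample: one ordinary message, one literal with a flat character distribution.
const SAMPLE = Buffer.from([
  'const msg = "Fetching the weather report for the requested city";',
  'const blob = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";',
].join('\n'));
```

Calling scanBuffer(SAMPLE) reports only the second line. High entropy alone also matches legitimate embedded hashes and keys, so a finding like this is a prompt for review, not a verdict.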
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-lvcidpsyche-skill-bomb-dog-sniff": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags (AI)
Flags: file-read, file-write, code-execution
Related Skills
solpaw
Launch Solana tokens on Pump.fun via the SolPaw platform. 0.1 SOL one-time fee. Your wallet is the onchain creator.
swarm-janitor
Enterprise-grade OpenClaw skill for cleaning up orphaned subagent processes, archiving transcripts to SuperMemory, and freeing disk space without losing work. Features dry-run mode, configurable retention policies, and comprehensive safety checks.
agent-intelligence
Query agent reputation, detect threats, and discover high-quality agents across the ecosystem. Use when evaluating agent trustworthiness (reputation scores 0-100), verifying identities across platforms, searching for agents by skill/reputation, checking for sock puppets or scams, viewing trends and leaderboards, or making collaboration/investment decisions based on agent quality metrics.