
Shoofly Basic

by wow-leeroy-jenkins05 · GitHub ↗ · v1.3.0 · MIT-0
cross-platform ✓ Security Clean
227 Downloads · 1 Stars · 0 Active Installs · 8 Versions
Install in OpenClaw
/install shoofly-basic
Description
Real-time security monitor for AI agents. Watches every tool call, flags threats, and alerts you before damage is done. Works with OpenClaw and Claude Code....
Usage Guidance
This skill appears to do what it says: passively monitor tool calls, run pattern checks, log results to ~/.shoofly/logs/alerts.log, and notify via configured channels. Before installing, review and consider:
  1. Logs will include full tool arguments and outputs — these can contain secrets; ensure the log file location and permissions are acceptable or modify the SKILL to redact sensitive fields.
  2. The notifier will read ~/.shoofly/config.json and ~/.openclaw/openclaw.json and may use any notification tokens found there (e.g., Telegram bot token) to send alerts — verify those configs and tokens before enabling.
  3. The script tries to send alerts through the user's configured channels (openclaw, Telegram, WhatsApp), which will cause data to leave the machine if those channels are configured.
  4. The skill is passive (does not block), so you should still enforce guardrails for high-risk actions.
If you want stronger guarantees, consider removing sensitive channels or ensuring logs are encrypted/ACL-restricted, and inspect ~/.shoofly/config.json and ~/.openclaw/openclaw.json to confirm what will be used for delivery.
Capability Analysis
Type: OpenClaw Skill
Name: shoofly-basic
Version: 1.3.0
The skill functions as a defensive security monitor designed to detect prompt injection, tool response injection, and unauthorized data exfiltration. The SKILL.md provides a detailed threat checklist for the agent to evaluate its own actions, while bin/shoofly-notify.sh implements a robust notification system across multiple platforms (macOS/Linux/Windows) and messaging services (Telegram, WhatsApp, Discord). The shell script demonstrates security-conscious coding practices, such as using Python for safe JSON encoding of UI notifications and verifying that log files are not symlinks before writing.
Capability Assessment
Purpose & Capability
The name/description (real-time monitor that flags tool calls) align with the included SKILL.md and the helper script. Required binaries (jq, curl) are reasonable for parsing JSON and sending HTTP requests/notifications. No unrelated credentials, installs, or surprising binaries are requested.
Instruction Scope
Instructions require the agent to capture tool name, arguments, and outputs and append them (JSONL) to ~/.shoofly/logs/alerts.log and to run pattern checks on the content. That is consistent with monitoring, but it means potentially sensitive data (secrets, API keys, full tool outputs) will be recorded unencrypted on disk and may be sent to configured channels. The instructions do not instruct reading unrelated system files, but they do read agent config (~/.shoofly/config.json) and offer to inspect ~/.openclaw/openclaw.json for channel discovery.
Install Mechanism
No install spec; this is instructions plus a small bash helper included in the bundle. No downloads or archive extraction. The bundle contains a single shell script whose behavior is visible and straightforward.
Credentials
The skill requests no environment variables and only requires jq/curl. It does read user config files (~/.shoofly/config.json and ~/.openclaw/openclaw.json) and may use tokens found there (telegram.bot_token, etc.) to deliver messages — which is consistent with its notification role but means those credential-containing configs will be read and used if present. The script takes precautions (mkdir, chmod 700, refuse symlink) but will still cause data to traverse configured channels.
Persistence & Privilege
The skill is not always:true, does not request system-wide config changes, and only writes to its own ~/.shoofly/ directory. It does read other agent config (~/.openclaw/) for channel discovery, which is reasonable for a notifier but worth noting. It does not autonomously block actions (explicitly passive).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install shoofly-basic
  3. After installation, invoke the skill by name or use /shoofly-basic
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
v2: Claude Code runtime support — PostToolUse hook, install-claude-code.sh, same threat policy as OpenClaw
v1.2.6
Remove verbatim threat-pattern strings from SKILL.md to clear false-positive flags from security scanners (VirusTotal, OpenClaw). Detection logic unchanged — descriptions now use semantic language instead of literal attack strings.
v1.2.5
Added upsell path to Shoofly Advanced in listing description
v1.2.4
v1.2.4: Fix P0 bug — shoofly-notify auto mode was crashing (local outside function). SKILL.md: fix setup path, add auto channel docs, remove phantom PI-009 ref. Log entries now include type:notification field. PATH tip added to installer.
v1.2.3
v1.2.3: Improved description for discoverability. Added tags: tool-monitoring, runtime-security, jailbreak-detection, data-exfiltration.
v1.2.2
v1.2.2: OpenClaw-native notifications — auto-discovers configured channels (Telegram, WhatsApp, Discord), writes directly to active terminal TTYs, cross-platform desktop (macOS/Linux/Windows). Fixes: JSON injection in install.sh (jq --arg), BASE_URL pinned to tagged release, NDJSON log format, PowerShell stdin injection (SN-01 CRITICAL), shell injection in legacy paths (SN-02 HIGH), control-char TTY sanitization (SN-03), log dir permissions (SN-04). QA: Probe 7/7 + Sentinel PASS WITH NOTES.
v1.2.0
v1.2.0: Gateway notification always-on (fires before user channels, no config needed). Manifest fix: bin/shoofly-notify.sh now correctly bundled. Scanner false positive fix: threat checklist references policy/threats.yaml patterns instead of verbatim strings. Security: JSON-encoding mandate for gateway POST dynamic fields.
v1.1.0
v1.1.0: Bundled shoofly-notify, expanded credential detection, 4 new threat patterns, fixed OSW-001, Setup section, policy freeze docs, ReDoS fix, expanded log format.
Metadata
Slug shoofly-basic
Version 1.3.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 8
Frequently Asked Questions

What is Shoofly Basic?

Real-time security monitor for AI agents. Watches every tool call, flags threats, and alerts you before damage is done. Works with OpenClaw and Claude Code.... It is an AI Agent Skill for Claude Code / OpenClaw, with 227 downloads so far.

How do I install Shoofly Basic?

Run "/install shoofly-basic" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Shoofly Basic free?

Yes, Shoofly Basic is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Shoofly Basic support?

Shoofly Basic is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Shoofly Basic?

It is built and maintained by wow-leeroy-jenkins05 (@wow-leeroy-jenkins05); the current version is v1.3.0.
