← Back to Skills Marketplace
andyxinweiminicloud

Supply Chain Poison Detector

by andyxinweiminicloud · GitHub ↗ · v1.0.1
cross-platform ✓ Security Clean
486
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install supply-chain-poison-detector
Description
Helps detect supply chain poisoning in AI agent marketplace skills. Scans Gene/Capsule validation fields for shell injection, outbound requests, and encoded...
Usage Guidance
This skill appears coherent for static supply-chain scanning, but keep these cautions in mind: 1) It will fetch remote assets if you give an EvoMap/URL — avoid giving it URLs that require authentication or that will trigger unintended operations. 2) Do not paste secrets or private files into the scanner input. 3) Because SKILL.md is high-level and provides no concrete script/regex, review the scanner's implementation (or run it in an isolated environment) before relying on results; false negatives are possible. 4) Ensure curl and python3 on your system come from trusted sources. If you need stricter guarantees, request the actual analysis code from the author or run an independent, auditable scanner in a sandbox.
Capability Analysis
Type: OpenClaw Skill Name: supply-chain-poison-detector Version: 1.0.1 The skill 'supply-chain-poison-detector' is a security tool designed to identify malicious patterns (such as shell injection, data exfiltration, encoded payloads, and sensitive file access) within other AI agent skills. Both the `_meta.json` and `SKILL.md` files consistently describe this legitimate security purpose. The required binaries (`curl`, `python3`) are appropriate for its stated function, and there are no instructions or code within the provided files indicating that *this* skill performs any malicious actions itself, nor any prompt injection attempts against the agent.
Capability Assessment
Purpose & Capability
Name/description match the requested resources: a scanner that may fetch assets (curl) and run analysis (python3). No unrelated credentials, config paths, or binaries are requested.
Instruction Scope
SKILL.md describes the scanner behavior and patterns to detect, and accepts pasted JSON/source or an EvoMap asset URL. It does not instruct the agent to read local files or env vars by default, but it will fetch remote assets if given a URL. The document is high-level and does not include an actual analysis script or exact regexes, so behavior depends on the agent's implementation (risk of inconsistent detection and false negatives/positives).
Install Mechanism
Instruction-only skill with no install spec and no code files. This is the lowest-risk install posture.
Credentials
No environment variables, secrets, or config paths are requested. Asking for curl and python3 is proportionate to fetching and analyzing remote assets.
Persistence & Privilege
always:false and no special persistence requested. The skill can be invoked autonomously by default (platform normal), but it does not request force-inclusion or system-wide changes.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install supply-chain-poison-detector
  3. After installation, invoke the skill by name or use /supply-chain-poison-detector
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Agent Card metadata update
v1.0.0
- Initial release of supply-chain-poison-detector. - Scans AI skill assets (Gene/Capsule JSON or source code) for supply chain poisoning indicators. - Detects shell injection, outbound requests, encoded payloads, unauthorized file system access, and suspicious process spawning in skill validation fields. - Produces a structured report with detected patterns, risk rating (CLEAN / SUSPECT / THREAT), and usage recommendations.
Metadata
Slug supply-chain-poison-detector
Version 1.0.1
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Supply Chain Poison Detector?

Helps detect supply chain poisoning in AI agent marketplace skills. Scans Gene/Capsule validation fields for shell injection, outbound requests, and encoded... It is an AI Agent Skill for Claude Code / OpenClaw, with 486 downloads so far.

How do I install Supply Chain Poison Detector?

Run "/install supply-chain-poison-detector" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Supply Chain Poison Detector free?

Yes, Supply Chain Poison Detector is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Supply Chain Poison Detector support?

Supply Chain Poison Detector is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Supply Chain Poison Detector?

It is built and maintained by andyxinweiminicloud (@andyxinweiminicloud); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments