yd-dev

Yidun Skill Sec

by Yidun · GitHub ↗ · v1.0.1 · MIT-0
Platforms: linux, darwin, win32 · ⚠ suspicious
537 Downloads
8 Stars
2 Active Installs
9 Versions
Install in OpenClaw
/install yidun-skill-sec
Description
Intelligent code security scanner with hybrid local-cloud detection. Fingerprints packages, runs static behavioral analysis, and consults cloud threat intell...
Usage Guidance
This skill appears to do what it says (a hybrid local-cloud scanner) and only needs curl/jq/openssl. The main risk is data you may not expect it to send: the SKILL.md says it uploads redacted code snippets and tags to a third-party endpoint (as.dun.163.com). Because there is no implementation included, you cannot verify the redaction or exact upload rules. Before installing or enabling cloud mode:
  1. Prefer running scans offline (set YIDUN_SKILL_SEC_CLOUD=false) on sensitive code or in an isolated environment.
  2. If you plan to enable cloud analysis, test it first on non-sensitive packages to confirm what is sent.
  3. Ask the author or vendor for the scanner implementation (or review it) to verify the local redaction pipeline and the exact file-read policies.
  4. Limit network access (e.g., firewall) if you cannot audit the implementation.
  5. If you use this skill in high-sensitivity contexts, require that cloud uploads be disabled or that the vendor provides a signed, auditable client implementation.
These steps will reduce the chance that secrets or unexpected data are exfiltrated.
Capability Analysis
Type: OpenClaw Skill
Name: yidun-skill-sec
Version: 1.0.1
The skill is a security scanner that performs static behavioral analysis and uploads file hashes and redacted code snippets to a cloud intelligence endpoint (as.dun.163.com). While its actions are consistent with its stated purpose of threat detection, it requires high-risk capabilities including broad filesystem access and outbound network communication to a third-party service. The documentation describes a detailed 'Local Redaction Pipeline' to mitigate data leakage, but the inherent risk of transmitting code-derived metadata and the potential for sensitive data to bypass redaction logic warrants a suspicious classification under the provided criteria.
Capability Assessment
Purpose & Capability
Name/description (security scanner) align with required binaries (curl, jq, openssl) and with the SKILL.md: cloud checks, fingerprinting, and static analysis reasonably require network calls and hash computation.
Instruction Scope
SKILL.md instructs the agent to read package files, compute fingerprints, run behavioral analysis, and upload redacted evidence (hashes, tags, and code snippets) to as.dun.163.com. That is coherent for a scanner, but the redaction pipeline and the exact rules for what is and isn't uploaded are only described textually — there is no code to verify that full sources, credentials, or other sensitive artifacts will never be uploaded. The scanner also mentions detecting accesses to agent memory and sensitive paths; if implemented poorly, the scanning step itself could read those sensitive files. Summary: the behavior is expected for the purpose, but the absence of verifiable implementation details raises privacy and exfiltration concerns.
Install Mechanism
Instruction-only skill (no install spec, no code files) — this is low-risk from an installation/execution perspective because nothing is written or executed by default. Requires standard CLI tools only; no downloads from arbitrary URLs.
Credentials
The skill does not request credentials or privileged environment variables. Declared optional env vars (YIDUN_SKILL_SEC_CLOUD, TRUSTED_REGISTRIES, LOG_PAYLOAD) are reasonable for toggling cloud behavior and trusted hosts.
Persistence & Privilege
The `always` flag is false and the skill is user-invocable; it does not request persistent system-wide privileges or the ability to modify other skills. Autonomous invocation is allowed by platform default but is not combined with any other privilege escalation here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install yidun-skill-sec
  3. After installation, invoke the skill by name or use /yidun-skill-sec
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
yidun-skill-sec 1.0.1
  - Version bump with no code or SKILL.md file change detected.
  - No new features, fixes, or breaking changes in this release.
v1.0.0
No file changes detected. No updates in this version.
v0.0.7
No user-visible changes in this release. Version number updated to 0.0.7.
v0.0.6
**yidun-skill-sec v0.0.6 Changelog**
  - Added `YIDUN_SKILL_SEC_LOG_PAYLOAD` environment variable to optionally log the redacted cloud payload locally before upload for auditing.
  - Updated file hashing algorithm from MD5 to SHA-256 for improved security.
  - Improved disclosure: clarified that cloud detection data is used only for the current scan and destroyed immediately after analysis.
  - Documented two-tier domain blacklist: a local embedded list for offline safety, and an augmented cloud list when cloud scanning is enabled.
  - Added details on how nested archives are handled and tagged for security risk.
  - Minor improvements to documentation and security policy for greater transparency.
v0.0.5
yidun-skill-sec v0.0.5 — No file changes, metadata update only.
  - Added documentation for two environment variables: `YIDUN_SKILL_SEC_CLOUD` (to control cloud threat intelligence) and `YIDUN_SKILL_SEC_TRUSTED_REGISTRIES` (to custom-allow registries).
  - No code changes or new features in this version.
v0.0.4
No functional or documentation changes detected in this release.
  - Version number updated to 0.0.4.
  - No changes to code or documentation files.
v0.0.3
**Cloud threat intelligence phase now mandatory with explicit data policy**
  - Cloud scanning is now a required step; optional/offline fallback removed.
  - Added a clear security disclosure detailing exactly what package data is uploaded (non-sensitive metadata, trigger snippets, tags only) and what is never uploaded (no source code, credentials, or personal data).
  - Stated that uploads are sent to NetEase Yidun and are crucial for deep threat detection.
  - All other functionality and scanning phases remain unchanged.
v0.0.2
No user-facing changes in this release.
  - Version bump to 0.0.2 with no file or documentation updates detected.
v0.0.1
yidun-skill-sec v0.0.1
  - Initial release of hybrid local-cloud security scanner for third-party code packages
  - Performs source vetting, fingerprinting, static behavioral analysis, and optional cloud intelligence lookup
  - Detects malware, secrets leaks, privilege abuse, obfuscation, and other suspicious behaviors before install
  - Auto-downgrades to local-only scanning if offline
  - Compatible with Linux, macOS, and Windows; requires curl, jq, and openssl
Metadata
Slug yidun-skill-sec
Version 1.0.1
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 9
Frequently Asked Questions

What is Yidun Skill Sec?

Intelligent code security scanner with hybrid local-cloud detection. Fingerprints packages, runs static behavioral analysis, and consults cloud threat intell... It is an AI Agent Skill for Claude Code / OpenClaw, with 537 downloads so far.

How do I install Yidun Skill Sec?

Run "/install yidun-skill-sec" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Yidun Skill Sec free?

Yes, Yidun Skill Sec is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Yidun Skill Sec support?

Yidun Skill Sec is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).

Who created Yidun Skill Sec?

It is built and maintained by Yidun (@yd-dev); the current version is v1.0.1.
