🦒 Giraffe Guard — 长颈鹿卫士
/install giraffe-guard
Scan OpenClaw skill directories for supply chain attacks and malicious code.
Features
- 22 security detection rules covering the full supply chain attack surface
- Context-aware: distinguishes documentation from executable code, reducing false positives
- Colored terminal output and JSON report output
- --verbose mode shows matching line context
- --skip-dir to exclude directories
- Whitelist support
- Compatible with macOS and Linux, zero external dependencies
Usage
Scan a skill directory
{baseDir}/scripts/audit.sh /path/to/skills
Verbose mode
{baseDir}/scripts/audit.sh --verbose /path/to/skills
JSON report
{baseDir}/scripts/audit.sh --json /path/to/skills
With whitelist
{baseDir}/scripts/audit.sh --whitelist whitelist.txt /path/to/skills
Skip directories
{baseDir}/scripts/audit.sh --skip-dir node_modules --skip-dir vendor /path/to/skills
Combined
{baseDir}/scripts/audit.sh --verbose --context 3 --whitelist whitelist.txt --skip-dir node_modules /path/to/skills
Detection Rules (22)
🔴 Critical
| # | Rule | Description |
|---|---|---|
| 1 | pipe-execution | Pipe execution (curl/wget to bash) |
| 2 | base64-decode-pipe | Base64 decoded and piped |
| 3 | security-bypass | macOS Gatekeeper/SIP bypass |
| 5 | tor-onion-address | Tor hidden service |
| 5 | reverse-shell | Reverse shell patterns |
| 7 | file-type-disguise | Binary disguised as text |
| 8 | ssh-key-exfiltration | SSH key theft |
| 8 | cloud-credential-access | Cloud credential access |
| 8 | env-exfiltration | Env vars sent over network |
| 9 | anti-sandbox | Anti-debug/anti-sandbox |
| 10 | covert-downloader | One-liner downloaders |
| 11 | persistence-launchagent | macOS LaunchAgent |
| 13 | string-concat-bypass | String concatenation bypass |
| 15 | env-file-leak | .env with real secrets |
| 16 | typosquat-npm/pip | Typosquatting packages |
| 17 | malicious-postinstall | Malicious lifecycle scripts |
| 18 | git-hooks | Active git hooks |
| 19 | sensitive-file-leak | Private keys/credentials |
| 20 | skillmd-prompt-injection | Prompt injection in SKILL.md |
| 21 | dockerfile-privileged | Docker privileged mode |
| 22 | zero-width-chars | Zero-width Unicode chars |
🟡 Warning
| # | Rule | Description |
|---|---|---|
| 2 | long-base64-string | Long Base64 strings |
| 4 | dangerous-permissions | Dangerous permissions |
| 5 | suspicious-network-ip | Non-local IP connections |
| 5 | netcat-listener | Netcat listeners |
| 6 | covert-exec-eval | Suspicious eval() (JS/TS) |
| 6 | covert-exec-python | os.system/subprocess in .py |
| 11 | cron-injection | Cron/launchctl injection |
| 12 | hidden-executable | Hidden executable files |
| 13 | hex/unicode-obfuscation | Hex/Unicode obfuscation |
| 14 | symlink-sensitive | Symlinks to sensitive paths |
| 16 | custom-registry | Non-official registries |
| 20 | skillmd-privilege-escalation | Privilege escalation |
| 21 | dockerfile-sensitive-mount | Sensitive mounts |
| 21 | dockerfile-host-network | Host network mode |
Exit Codes
- 0: ✅ Clean
- 1: 🟡 Warnings
- 2: 🔴 Critical
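One way three of the listed rules, the documentation-versus-code distinction and the exit codes above can fit together, as an added example that is not Giraffe Guard's own audit.sh. Rule names, severities and exit codes come from this page; the regexes, the comment and Markdown-fence heuristic, and the function names are assumptions.

```shell
#!/bin/sh
# Added illustration, not Giraffe Guard's audit.sh. Rule names, severities and
# exit codes are from the page; regexes and the context heuristic are assumptions.

# One rule per line: name severity extended-regex (regexes contain no spaces).
RULES='pipe-execution critical (curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba|z|da)?sh([[:space:]]|$)
base64-decode-pipe critical base64[[:space:]]+(-d|-D|--decode)[^|]*[|][[:space:]]*(ba|z|da)?sh([[:space:]]|$)
dangerous-permissions warning chmod[[:space:]]+(-[a-zA-Z]+[[:space:]]+)*0?777([[:space:]]|$)'

FENCE=$(printf '\140\140\140')   # Markdown code-fence marker (three backticks)

# Print "lineno<TAB>text" for lines treated as executable. In *.md only fenced
# code blocks count (readers copy and run them; prose is documentation);
# in every other file, comment-only lines are skipped.
executable_lines() {
  case "$1" in
    *.md) awk -v f="$FENCE" 'index($0, f) == 1 { on = !on; next } on { print NR "\t" $0 }' "$1" ;;
    *)    awk '!/^[ \t]*#/ { print NR "\t" $0 }' "$1" ;;
  esac
}

# Print one "severity rule file:line" record per match under directory $1.
scan_findings() {
  find "$1" -type f | sort | while IFS= read -r file; do
    printf '%s\n' "$RULES" | while read -r rule sev regex; do
      executable_lines "$file" | grep -E -- "$regex" | cut -f1 |
        while read -r n; do echo "$sev $rule $file:$n"; done
    done
  done
}

# Report findings and return the page's exit codes: 0 clean, 1 warnings, 2 critical.
audit() {
  findings=$(scan_findings "$1")
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  if printf '%s\n' "$findings" | grep -q '^critical '; then return 2; fi
  return 1
}
```

In a CI job, `audit ./skills` can gate a merge directly on the return value, failing only on 2 or on any non-zero code depending on policy.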
Dependencies
No external dependencies; it uses only tools that ship with the system: bash, grep, sed, find, file, awk, readlink, perl.
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install giraffe-guard
- After installation, invoke the skill by name or use /giraffe-guard
- Provide required inputs per the skill's parameter spec and get structured output
What is 🦒 Giraffe Guard — 长颈鹿卫士?
Scan OpenClaw skill directories for 22 supply chain attack patterns with context-aware detection, colored output, JSON reports, and whitelist support. It is an AI Agent Skill for Claude Code / OpenClaw, with 715 downloads so far.
How do I install 🦒 Giraffe Guard — 长颈鹿卫士?
Run "/install giraffe-guard" in the OpenClaw or Claude Code chat to install it in one step; no extra setup is required.
Is 🦒 Giraffe Guard — 长颈鹿卫士 free?
Yes, 🦒 Giraffe Guard — 长颈鹿卫士 is completely free (open-source). You can download, install and use it at no cost.
Which platforms does 🦒 Giraffe Guard — 长颈鹿卫士 support?
🦒 Giraffe Guard — 长颈鹿卫士 is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created 🦒 Giraffe Guard — 长颈鹿卫士?
It is built and maintained by lida408 (@lida408); the current version is v3.1.0.