← Back to Skills Marketplace
391
Downloads
0
Stars
2
Active Installs
9
Versions
Install in OpenClaw
/install safe-skill-advisor
Description
Security Skill Advisor - Protect you from malicious skills on ClawHub. Provides security warnings, tool recommendations, and 30-second self-check checklist.
Usage Guidance
This skill is advice-only and coherent with its purpose, but follow these precautions before acting on its recommendations: 1) Verify any external tools it recommends (visit the linked GitHub repos directly, check stars/commits and maintainer identity) before running pip install; 2) Never run curl | bash or execute unfamiliar downloaded archives — the skill itself warns against that; 3) Run third-party scanners in a sandbox or VM if possible to reduce risk; 4) Confirm the reporting email ([email protected]) is the legitimate ClawHub contact before sending sensitive evidence; 5) Remember this skill only gives guidance — actual risk comes from installing/running other tools or skills it recommends, so inspect those separately.
Capability Analysis
Type: OpenClaw Skill
Name: safe-skill-advisor
Version: 1.7.0
The skill is a purely informational security advisor designed to educate users about potential risks on ClawHub. It contains no executable code and functions by providing the AI agent with structured instructions (SKILL.md) to deliver security warnings, checklists, and recommendations for third-party tools like 'Cisco AI Skill Scanner' and 'SecureClaw'. While it uses forceful prompt engineering ('MANDATORY INSTRUCTIONS') to define the agent's behavior, the intent is clearly aligned with its stated defensive purpose and lacks any indicators of malicious activity, data exfiltration, or unauthorized system access.
Capability Assessment
Purpose & Capability
Name, description, and content are consistent: the skill provides advice, checklists, and tool recommendations for assessing other skills. It does not request unrelated credentials, binaries, or config paths.
Instruction Scope
SKILL.md only gives guidance and shell commands for users to run (e.g., pip install cisco-ai-skill-scanner, cisco-scan, secureclaw scan, history, ps, netstat). It does not instruct the AI/agent to read hidden files, environment variables, or to exfiltrate data. Note: it recommends installing third-party scanners and running system commands — these are normal for a security advisor but carry the usual user-side risk (verify tools before running).
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing is downloaded or written to disk by the skill itself (lowest install risk).
Credentials
No required environment variables, credentials, or config paths are declared or referenced. The skill's recommendations (scanners) may ask for their own credentials when used, but that is external to this skill and proportionate to its purpose.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). The skill does not request persistent system presence or modify other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install safe-skill-advisor - After installation, invoke the skill by name or use
/safe-skill-advisor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.7.0
Version 1.7.0 brings a major rewrite and simplification of documentation for the Safe-Skill Advisor.
- Reorganized and clarified SKILL.md with distinct user and AI-facing sections.
- Added a concise "Quick Start" and usage instructions for end users.
- Expanded best-practice and self-checklists, with clearer and more actionable advice.
- Improved tool recommendation sections for Cisco AI Skill Scanner and SecureClaw, including command examples and links.
- FAQ and attack statistics are now easier to navigate and apply.
- Maintains strong, mandatory security guidance for both users and AI assistants.
v1.6.0
**Version 1.6.0 summary: Improved clarity, safety, and enforceability for security guidance.**
- Added a detailed AI system directive to enforce mandatory safety warnings, tool recommendations, reporting, and checklists.
- Clarified step-by-step requirements for common user queries: skill safety, how to check, and what to do if a skill is suspicious.
- Strengthened reminders for high-risk skill types and proactive best-practice advice.
- Included concise quick-reference and FAQ sections for consistent responses.
- Added explicit consequences for not following safety procedures.
- New README.md file introduced for additional documentation.
v1.5.1
Tag display fix - Added tags in YAML header, version number corrected
v1.5.0
Tag format fix - Added tags in body section for proper ClawHub display
v1.4.0
Metadata fix - Author name correction (Xiao Zhua), added collaboration credit (Working with Crystaria), tag display optimization
v1.3.0
English release - Full translation for global reach, optimized tags
v1.2.0
English release - Full translation for global reach
v1.1.0
标签优化 - 添加 security, audit, scanner, malware-check, best-practice 等标签,提升搜索可见性
v1.0.0
初始版本发布 - 提供安全风险提示、工具推荐、30 秒自查清单
Metadata
Frequently Asked Questions
What is Safe Skill Advisor?
Security Skill Advisor - Protect you from malicious skills on ClawHub. Provides security warnings, tool recommendations, and 30-second self-check checklist. It is an AI Agent Skill for Claude Code / OpenClaw, with 391 downloads so far.
How do I install Safe Skill Advisor?
Run "/install safe-skill-advisor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Safe Skill Advisor free?
Yes, Safe Skill Advisor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Safe Skill Advisor support?
Safe Skill Advisor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Safe Skill Advisor?
It is built and maintained by Crystaria (@crystaria); the current version is v1.7.0.
More Skills