← Back to Skills Marketplace
wow-leeroy-jenkins05

Shoofly Advanced

by wow-leeroy-jenkins05 · GitHub ↗ · v1.3.0 · MIT-0
cross-platform ⚠ suspicious
123
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install shoofly-advanced
Description
Pre-execution security layer for AI agents. Intercepts and blocks dangerous tool calls before they fire -- not detected after. Works with OpenClaw and Claude...
Usage Guidance
This skill is instruction-only but expects a local binary and helper scripts under ~/.shoofly that it does not provide or document. Do not install or place any executable at ~/.shoofly/bin/shoofly-check unless you can verify its source and checksum. Ask the publisher for: (1) a homepage or repository, (2) installation instructions or signed binaries, and (3) the actual shoofly-check and shoofly-notify code for audit. If you plan to use it, run the binary in a sandbox or VM first, inspect ~/.shoofly/config.json contents it expects, and review what notification endpoints (127.0.0.1:18789, Telegram/WhatsApp hooks) will be invoked. The SKILL.md contains coercive wording and fail-open behavior; consider whether 'fail-open' is acceptable for your threat model. If you cannot obtain verifiable provenance for the binary, treat this skill as untrusted.
Capability Analysis
Type: OpenClaw Skill Name: shoofly-advanced Version: 1.3.0 The 'shoofly-advanced' skill bundle implements a security interception layer that requires the AI agent to pass all tool names and arguments to external binaries (~/.shoofly/bin/shoofly-check) before execution. While its stated purpose is to prevent threats like prompt injection and data exfiltration, this architecture creates a high-risk interception point for all agent activity and relies on unverified local binaries and network-based notification channels (e.g., http://127.0.0.1:18789/chat). The lack of the actual check logic within the bundle makes the broad data access and execution requirements inherently risky.
Capability Assessment
Purpose & Capability
The name/description claim a pre-execution security layer, which matches the runtime instructions. However the SKILL.md mandates running a binary (~/.shoofly/bin/shoofly-check) and helper scripts (shoofly-notify) that are not provided, not documented in an install spec, and not listed as required binaries. The skill also references a per-user config and log paths but declares no required config paths. Requiring an external, unsigned local binary without providing installation or provenance information is disproportionate to a purely instruction-only skill and reduces trust.
Instruction Scope
Instructions explicitly require the agent to run a local executable before every tool call, read ~/.shoofly/config.json, append to ~/.shoofly/logs/alerts.log, and use notification channels (including posting to 127.0.0.1:18789 and invoking shoofly-notify). The doc also contains coercive language ('This check is non-negotiable') and prescriptive fail-open behavior (proceed if the check is missing/times out). While these actions are within the stated purpose, telling the agent to execute an arbitrary home-directory binary (not supplied) and to perform reads/writes to user filesystem and network endpoints is high-impact and should be justified with source/install provenance.
Install Mechanism
There is no install specification and no code files — lowest installer risk. But that creates a practical problem: the runtime assumes binaries and helper scripts exist under ~/.shoofly. Because no install or trusted release URL is provided, the skill either expects a manual, out-of-band install or a preexisting third-party component. Asking agents to invoke a non-provided binary is a deployment/integrity gap and increases risk if the user later installs an untrusted binary to satisfy the skill.
Credentials
The skill declares no required environment variables (good), yet its checks and detection rules explicitly target highly sensitive files and credential patterns (e.g., ~/.ssh, ~/.aws/credentials, OpenAI/GH/AWS key regexes). The SKILL.md also instructs writing to ~/.shoofly/logs and reading ~/.shoofly/config.json, but the metadata declared no required config paths. The mismatch between declared requirements and actual file/credential access in the instructions is disproportionate and unexplained.
Persistence & Privilege
always:false and default autonomous invocation are acceptable. The skill asks to write logs and read config under ~/.shoofly, which grants it persistent storage under the user's home if the user installs the binary — that is reasonable for a local security wrapper, but because the skill does not provide or validate that component, the persistence surface is unclear. There is no evidence it modifies other skills or system-wide config beyond its own ~/.shoofly directory.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install shoofly-advanced
  3. After installation, invoke the skill by name or use /shoofly-advanced
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
v2: Claude Code runtime support — PreToolUse hook, install-claude-code-advanced.sh, same threat policy as OpenClaw
v1.2.5
Repositioned as tool call interceptor — 'blocked, not detected' framing, Why Advanced section, updated description for vector search discoverability
v1.2.4
Initial ClawHub listing — pre-execution threat blocking, daemon + hook architecture
Metadata
Slug shoofly-advanced
Version 1.3.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Shoofly Advanced?

Pre-execution security layer for AI agents. Intercepts and blocks dangerous tool calls before they fire -- not detected after. Works with OpenClaw and Claude... It is an AI Agent Skill for Claude Code / OpenClaw, with 123 downloads so far.

How do I install Shoofly Advanced?

Run "/install shoofly-advanced" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Shoofly Advanced free?

Yes, Shoofly Advanced is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Shoofly Advanced support?

Shoofly Advanced is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Shoofly Advanced?

It is built and maintained by wow-leeroy-jenkins05 (@wow-leeroy-jenkins05); the current version is v1.3.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments