Downloads: 334 | Stars: 1 | Active Installs: 0 | Versions: 2
Install in OpenClaw
/install yidun-app-defense
Description
易盾应用加固 (YiDun Application Hardening) - AI Agent Skill for multi-platform app protection
Usage Guidance
This skill appears to be what it claims: a wrapper that downloads and runs the official YiDun protection tool. Before installing/using it:
1) Confirm you trust the source (clienttool.dun.163.com is NetEase YiDun but validate it against vendor documentation).
2) Prefer to manually verify the downloaded archive (ask vendor for a checksum/signature); the included setup script does not perform a cryptographic integrity check.
3) Be aware the skill will store your AppKey and optionally keystore paths/passwords in ~/.yidun-defense/config.ini (the script sets 600 permissions); avoid committing that file to version control and consider not storing plaintext keystore passwords.
4) Logs are written to /tmp and ~/.yidun-defense/Log/ and may contain sensitive info (costs, server responses); clean or secure logs if needed.
5) Run first in an isolated environment (CI runner or VM) if you want to observe network activity and what the downloaded JAR does.
6) If you depend on supply-chain integrity, request vendor-signed checksums or signatures for NHPProtect.jar before automating the download.
Capability Analysis
Type: OpenClaw Skill
Name: yidun-app-defense
Version: 1.0.1
The skill bundle provides a legitimate integration for NetEase YiDun's application shielding service, supporting Android, iOS, and HarmonyOS. The scripts (setup.sh, configure.sh, and defense-smart.sh) are well-structured and include security-conscious features such as Zip Slip protection during extraction and safe configuration handling using awk. All external network activity is directed to official NetEase domains (163.com) for downloading the necessary Java-based protection tools, and the behavior is entirely consistent with the stated purpose of providing app security hardening.
Capability Assessment
Purpose & Capability
Name/description, SKILL.md and bundled scripts all describe the same functionality: download a YiDun protection tool (NHPProtect.jar), store an appkey, and invoke the jar to protect APK/IPA/HAP files. Declared dependencies (java, curl) match the scripts. There are no unrelated credentials or unexplained network endpoints beyond the official clienttool.dun.163.com domain.
Instruction Scope
Runtime instructions direct the agent to create ~/.yidun-defense/, download and extract a tool archive, prompt the user for an AppKey and write it to ~/.yidun-defense/config.ini, and run java -jar NHPProtect.jar on user-provided files. That scope is consistent with the purpose, but the scripts also write logs to /tmp and ~/.yidun-defense/Log/, which may contain service responses, cost/account info, or keys depending on the tool's output.
Install Mechanism
The setup script downloads an archive from https://clienttool.dun.163.com/api/v1/client/jarTool/download and extracts it. The domain appears to be the official YiDun host (NetEase), which is expected, but the script currently does not perform a cryptographic integrity/signature check (there is a TODO). It only checks file size and that the file is a jar/zip. Download+extract of third-party executables without checksum verification is a moderate risk.
Credentials
The skill requests no environment variables or external tokens in metadata, which matches the documented flow (user-provided AppKey). However the tool and scripts store sensitive values (AppKey, optional keystore paths/passwords) in ~/.yidun-defense/config.ini. The script sets config permissions to 600 (good), but logs in /tmp or the tool's Log/ directory could expose secrets. Storing keystore passwords in plaintext in config.ini is possible per docs and should be considered sensitive.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It creates a working directory under the user's HOME (~/.yidun-defense) and writes config/logs there — expected for a local tool wrapper. This level of persistence is normal for this functionality.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install yidun-app-defense
- After installation, invoke the skill by name or use /yidun-app-defense
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Clarified platform support to focus on Android, iOS, and 鸿蒙 (HarmonyOS); H5, SDK, and PC platforms are now marked as "in development."
- Updated feature list to clearly distinguish between currently supported and upcoming platforms.
- Adjusted documentation to reflect the current state of multi-platform support.
- No code or file changes in this release; this is a documentation update only.
v1.0.0
- Initial release of 易盾应用加固 (YiDunAppDefense) skill.
- Provides AI agent-driven, multi-platform app protection including Android, iOS, HarmonyOS, H5, and PC.
- Features one-click reinforcement, intelligent file/platform detection, and automatic tool download/configuration.
- Supports common game engines (Unity, Cocos, Unreal, Laya) and CI/CD workflows.
- Interactive setup for appkey; configuration and update handled through dialogue.
- Includes detailed troubleshooting, usage instructions, and command references.
Frequently Asked Questions
What is YiDunAppDefense?
易盾应用加固 (YiDun Application Hardening) - AI Agent Skill for multi-platform app protection. It is an AI Agent Skill for Claude Code / OpenClaw, with 334 downloads so far.
How do I install YiDunAppDefense?
Run "/install yidun-app-defense" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is YiDunAppDefense free?
Yes, YiDunAppDefense is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does YiDunAppDefense support?
YiDunAppDefense is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created YiDunAppDefense?
It is built and maintained by xautzbl (@xautzbl); the current version is v1.0.1.