Downloads: 109
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install safe-fuzzer-deprecated
Description
Sandbox-only behavior-led gray-box skill fuzzer. Spawns a worker subagent, probes an installed target skill, deploys honeypot fixtures, and returns a structu...
Usage Guidance
This skill appears to be what it claims: a sandbox-only fuzzer that spawns worker subagents and runs probes inside a locked sandbox. Before installing/running: (1) ensure you run it only in a fully isolated sandbox with agents.defaults.sandbox.mode: "all" as the SKILL.md requires; (2) confirm that tripwire/fixture semantics are synthetic (the skill claims 'synthetic_secrets_only') so the fuzzer will not look for or leak your real secrets; (3) accept that the fuzzer is allowed to read target-owned files for gray-box planning — if your installed target skill contains sensitive keys/configs, move them out of the test workspace first; (4) note the README lists recommended tooling (node, python, curl, jq) although the skill metadata doesn't declare required binaries — ensure your sandbox image provides those if you expect the worker to run tooling. If you need a stricter guarantee that no environment variables or host configs will ever be accessed, request explicit confirmation from the skill author or run a short controlled test on a disposable target first.
Capability Analysis
Type: OpenClaw Skill
Name: safe-fuzzer
Version: 1.0.0
The safe-fuzzer skill is a security testing tool designed to perform gray-box behavioral analysis on other OpenClaw skills within a sandbox. It exhibits high-risk capabilities, including spawning and orchestrating subagent sessions (sessions_spawn), deploying honeypot fixtures with synthetic secrets (synthetic-secrets.env), and executing automated probes that exercise network egress, file manipulation, and shell execution. While the skill includes significant safety gates—such as mandatory sandbox checks and prohibitions against accessing real host credentials or environment variables—the inherent risk of automated subagent orchestration and the execution of behavioral probes against other software components aligns with the criteria for a suspicious classification.
Capability Assessment
Purpose & Capability
Name and description match the runtime instructions: orchestration, worker-spawn, honeypot fixture deployment, and structured reporting. No credentials, binaries, or install steps are declared, which is coherent for an instruction-only orchestrator that expects a sandbox image to provide runtime tools. README lists recommended container tooling (node, npm, python3, git, curl, jq) but the skill metadata does not declare required binaries — this is a minor documentation mismatch but not a functional incoherence.
Instruction Scope
SKILL.md explicitly limits behavior to a locked sandbox, forbids reading host env/config paths, and requires preflight checks. It authorizes limited gray-box reads of target SKILL.md and ./skills/<target>/** to improve probe planning — this is reasonable for a gray-box fuzzer but could expose target-local secrets if those exist; the instructions also mandate synthetic secrets only and honeypot fixtures. Overall the scope stays within the stated fuzzer purpose, but operators should be aware that allowed 'limited reads' of target files can surface sensitive data from the target skill's workspace.
Install Mechanism
No install spec (instruction-only) — lowest-risk class. The skill expects the runtime sandbox to provide requisite binaries/images but does not attempt to download or install code itself. README notes external SAFE project references, but there is no remote installer or extraction step in the skill bundle.
Credentials
The skill declares no required environment variables or credentials (proportional). However, preset/report examples and 'tripwire_focus' mention items like 'OPENAI_API_KEY' as bait/tripwire artifacts; combined with the instruction forbidding reading host env vars, this creates potential ambiguity about whether the worker should probe for environment secrets. The SKILL.md explicitly forbids reading host environment variables and specific host config files, which is appropriate — operators should confirm how tripwire detection is implemented (fixture-based synthetic secrets vs reading real env).
Persistence & Privilege
Does not request always:true or any elevated persistent presence. The skill's model invocation is disabled for the parent, and it uses sessions_spawn/sessions_send to create worker sessions for probe execution — this is consistent with an orchestration-only role. No instructions modify other skills' configs or claim system-wide changes.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install safe-fuzzer-deprecated`
- After installation, invoke the skill by name or use `/safe-fuzzer-deprecated`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
safe-fuzzer 1.0.0 — Initial release
- Introduces a sandbox-only, behavior-led gray-box fuzzer for installed skills.
- Features a parent/worker model: the parent orchestrates, while a dedicated subagent executes probes against the target skill.
- Deploys honeypot fixtures and reports all file, shell, and network activity in a structured JSON risk report.
- Enforces strict sandbox preflight checks and never requests or exposes real credentials.
- Supports configurable probe presets (`min`, `balanced`, `max`) with mandatory probe order and fixture deployment.
- Requires explicit user invocation and does not auto-run in ordinary chat turns.
Frequently Asked Questions
What is SAFE-Fuzzer?
Sandbox-only behavior-led gray-box skill fuzzer. Spawns a worker subagent, probes an installed target skill, deploys honeypot fixtures, and returns a structu... It is an AI Agent Skill for Claude Code / OpenClaw, with 109 downloads so far.
How do I install SAFE-Fuzzer?
Run "/install safe-fuzzer-deprecated" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is SAFE-Fuzzer free?
Yes, SAFE-Fuzzer is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does SAFE-Fuzzer support?
SAFE-Fuzzer is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created SAFE-Fuzzer?
It is built and maintained by agentsey (@archidoge0); the current version is v1.0.0.