Bomb Dog Sniff

by LvcidPsyche · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
Downloads: 1262
Stars: 2
Active Installs: 1
Versions: 1
Install in OpenClaw
/install skill-bomb-dog-sniff
Description
Security-first skill management for OpenClaw - like a bomb-sniffing dog for skills. Sniffs out malicious payloads (crypto stealers, keyloggers, reverse shells) before installation. Quarantine → Scan → Install only the safe ones.
Usage Guidance
This skill appears to be what it claims (a scanner + safe installer) but take the following precautions before installing or running it with access to your real skills directory:
- Inspect the SKILL.md and code yourself (scan.js, safe-download.js, scripts/sniff.sh). The SKILL.md contained unicode control characters — open it in a raw text editor to verify nothing hides in rendering.
- Run the scanner in a sandbox or container first (e.g., throwaway VM or ephemeral container) and point it at known-good targets to validate behavior.
- Review safe-download.js: it invokes 'unzip' and 'npx clawhub' and will copy files into your OPENCLAW_SKILLS_DIR. Ensure these subprocess calls and their arguments are acceptable in your environment and not run as root.
- Verify quarantine behavior: confirm the quarantine path, permissions, and automatic cleanup meet your policy. Consider changing quarantine to a directory you control.
- Check that network downloads are limited to HTTPS and consider mirroring sources you trust rather than relying on arbitrary GitHub repos or clawhub via npx.
- Prefer running the scanner (scan.js) only before automatic installs; use --dry-run and review JSON reports before allowing any auto-install.
- If you are not comfortable auditing the code, prefer community-vetted scanners or obtain this package from an authoritative repository with a commit history and maintainer traceability.
Given the prompt-injection indicator and the use of subprocesses that act on downloaded code, manual review or sandboxed execution is recommended before granting it access to your real skill installation directory.
Capability Analysis
Type: OpenClaw Skill
Name: skill-bomb-dog-sniff
Version: 0.1.0
The OpenClaw AgentSkills skill bundle 'bomb-dog-sniff' is a security scanner designed to detect malicious patterns in other skills. Its core components (`scan.js`, `safe-download.js`, `patterns.js`, `scripts/sniff.sh`) are all focused on this purpose. The skill implements robust security measures such as path sanitization, secure quarantine directories, download size/timeout limits, and symlink loop protection. While it interacts with the file system, network, and child processes, these actions are necessary for its stated function and are performed with security best practices. The presence of explicitly labeled 'test-malicious-skill' files (e.g., `test-malicious-skill/scripts/malicious.js`) demonstrates the scanner's detection capabilities rather than indicating malicious intent of the skill itself. The `SKILL.md` documentation is descriptive and does not contain prompt injection attempts against the AI agent.
Capability Assessment
Purpose & Capability
Name/description (scanner + safe-install) match the code: scan.js/patterns.js implement static detection patterns and safe-download.js implements download → quarantine → scan → install flows. Child processes (unzip, npx clawhub) and copying into OPENCLAW_SKILLS_DIR are consistent with a safe-install feature.
Instruction Scope
SKILL.md and the code instruct the agent to download repositories, extract archives, run npx clawhub, and copy/overwrite installed skills. The runtime will read the user's HOME and OPENCLAW_SKILLS_DIR paths and may access installed skill directories for auditing. SKILL.md also contains a pre-scan injection signal (unicode-control-chars) which can be used to manipulate LLM-based evaluation or rendering — this reduces trust in the documentation and requires manual inspection of the SKILL.md and code before use.
Install Mechanism
No registry install spec is declared (instruction-only), but code will download ZIP archives from GitHub (HTTPS only) and invoke system 'unzip' and 'npx'. Those are expected for this functionality but increase risk compared to a pure static analyzer because external repos are fetched and native subprocesses are executed. The downloader enforces size/time limits and HTTPS but follows redirects and will spawn external tools (unzip, npx), so validate the runtime environment and tool versions.
Credentials
The skill declares no required environment variables and does not demand unrelated secrets. It references standard env vars (HOME, OPENCLAW_SKILLS_DIR) to determine quarantine/install locations — expected for a downloader/installer. The scanner itself looks for code that reads process.env in target skills (which is expected behavior for a security scanner).
Persistence & Privilege
always:false (no forced installation). The skill can install skills into the user's skills directory and backup/overwrite existing skills — this is consistent with its 'safe-install' purpose. It does not request elevated platform privileges or attempt to modify other skills' configuration beyond installing/updating them as expected.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-bomb-dog-sniff
  3. After installation, invoke the skill by name or use /skill-bomb-dog-sniff
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
bomb-dog-sniff v1.2.0 is a major security and detection upgrade for OpenClaw skill scanning.
- Fixed command injection and added path traversal protection for safer downloads and scanning.
- Quarantines skills in randomized, permission-locked directories before scanning.
- Now detects and skips binary/oversized files and restricts regex processing to prevent resource attacks.
- Smarter detection: reduced false positives, added entropy analysis for encoded threats, awareness of test files, and per-finding confidence scoring.
- Expanded to 13 detection categories, now including supply chain attacks, prototype pollution, and new script-based threats.
- New detection patterns target credential and SSH key theft, browser and system persistence, and more.
- All commands (scan, safe-install, audit, batch) documented with clear examples and risk scoring explanations.
Metadata
Slug skill-bomb-dog-sniff
Version 0.1.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Bomb Dog Sniff?

Security-first skill management for OpenClaw - like a bomb-sniffing dog for skills. Sniffs out malicious payloads (crypto stealers, keyloggers, reverse shells) before installation. Quarantine → Scan → Install only the safe ones. It is an AI Agent Skill for Claude Code / OpenClaw, with 1262 downloads so far.

How do I install Bomb Dog Sniff?

Run "/install skill-bomb-dog-sniff" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Bomb Dog Sniff free?

Yes, Bomb Dog Sniff is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Bomb Dog Sniff support?

Bomb Dog Sniff is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Bomb Dog Sniff?

It is built and maintained by LvcidPsyche (@lvcidpsyche); the current version is v0.1.0.
