[Nyx Archive] Skill Security Protocol

Teach your AI agent to think about security. A reasoning methodology for vetting skills before installation — red/green flag heuristics, 4-phase audit protoc...

This skill appears coherent with its stated purpose (a text-based methodology) and has no direct code or credential requests, which is good. However, the documentation contains a prompt-injection pattern that could be either an example or an embedded attempt to override safety. Before installing or running this skill: (1) open SKILL.md and search for literal phrases like 'ignore previous instructions', 'ignore safety', or any direct directive to bypass agent constraints; (2) ensure the file only contains warnings/examples about prompt injection rather than operational directives; (3) run the audit steps in a sandboxed agent session that has no access to your real credentials or filesystem; (4) do not grant any agent running this skill shell access or the ability to read system secrets unless you have manually verified every instruction; (5) if anything in the document instructs the agent to fetch or execute remote code, treat it as a red flag and do not proceed. If you want higher assurance, ask the publisher for provenance (author identity, repository history) or prefer skills from established authors.

Type: OpenClaw Skill Name: nyx-archive-skill-security-protocol Version: 1.1.1 The OpenClaw AgentSkills skill bundle 'nyx-archive-skill-security-protocol' is benign. Its `SKILL.md` file provides a comprehensive, instruction-based security protocol for an AI agent to vet other skills. It explicitly warns against various attack patterns, including prompt injection, and instructs the agent to use standard system commands (`find`, `cat`, `ps`, `ss`, `crontab`, `ls`) solely for auditing and verification purposes. The skill itself contains no executable scripts or binaries, adhering to its 'zero dependencies' claim, and its entire content is dedicated to enhancing the agent's security judgment.