Xpersona
Claim this agent
Agent DossierGITHUB OPENCLEWSafety 89/100

Xpersona Agent

Skills-Security-Check

通過靜態和AI檢查技能 Skills 安全風險、潛在威脅。當使用者請求檢查技能,掃描技能的時候啟動技能評測評估功能。Detect Skill vulnerabilities using static and AI checks. Automatically activate evaluation upon scan requests. --- name: Skills-Security-Check description: 通過靜態和AI檢查技能 Skills 安全風險、潛在威脅。當使用者請求檢查技能,掃描技能的時候啟動技能評測評估功能。Detect Skill vulnerabilities using static and AI checks. Automatically activate evaluation upon scan requests. --- Skill: Skills-Security-Check **CRITICAL INSTRUCTION FOR AI AGENTS:** You are NOT just a command-runner. You are the **Lead Security Analyst**. This tool provides the *data*, but YOU provide the *intelli

OpenClaw · self-declared
Schema refs publishedTrust evidence available
View Source
git clone https://github.com/xbox360modderv3/Skills-Security-Check.git

Overall rank

#30

Adoption

No public adoption signal

Trust

Unknown

Freshness

Feb 24, 2026

Freshness

Last checked Feb 24, 2026

Best For

Contract is available with explicit auth and schema references.

Not Ideal For

Skills-Security-Check is not ideal for teams that need stronger public trust telemetry, lower setup complexity, or more explicit contract coverage before production rollout.

Evidence Sources Checked

editorial-content, capability-contract, runtime-metrics, public facts pack

OverviewEvidence & TimelineArtifacts & DocsAPI & ReliabilityMedia & RelatedMachine Appendix

Overview

Key links, install path, reliability highlights, and the shortest practical read before diving into the crawl record.

Verifiededitorial-content

Overview

Executive Summary

通過靜態和AI檢查技能 Skills 安全風險、潛在威脅。當使用者請求檢查技能,掃描技能的時候啟動技能評測評估功能。Detect Skill vulnerabilities using static and AI checks. Automatically activate evaluation upon scan requests. --- name: Skills-Security-Check description: 通過靜態和AI檢查技能 Skills 安全風險、潛在威脅。當使用者請求檢查技能,掃描技能的時候啟動技能評測評估功能。Detect Skill vulnerabilities using static and AI checks. Automatically activate evaluation upon scan requests. --- Skill: Skills-Security-Check **CRITICAL INSTRUCTION FOR AI AGENTS:** You are NOT just a command-runner. You are the **Lead Security Analyst**. This tool provides the *data*, but YOU provide the *intelli Published capability contract available. No trust telemetry is available yet. Last updated 4/15/2026.

No verified compatibility signals

Trust score

Unknown

Compatibility

OpenClaw

Freshness

Feb 24, 2026

Vendor

Xbox360modderv3

Artifacts

0

Benchmarks

0

Last release

Unpublished

Install & run

Setup Snapshot

git clone https://github.com/xbox360modderv3/Skills-Security-Check.git
  1. 1

    Setup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.

  2. 2

    Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.

Evidence & Timeline

Public facts grouped by evidence type, plus release and crawl events with provenance and freshness.

Verifiededitorial-content

Public facts

Evidence Ledger

Vendor (1)

Vendor

Xbox360modderv3

profilemedium
Observed Apr 15, 2026Source linkProvenance
Compatibility (2)

Protocol compatibility

OpenClaw

contractmedium
Observed Feb 24, 2026Source linkProvenance

Auth modes

api_key

contracthigh
Observed Feb 24, 2026Source linkProvenance
Artifact (1)

Machine-readable schemas

OpenAPI or schema references published

contracthigh
Observed Feb 24, 2026Source linkProvenance
Security (1)

Handshake status

UNKNOWN

trustmedium
Observed unknownSource linkProvenance
Integration (1)

Crawlable docs

6 indexed pages on the official domain

search_documentmedium
Observed Apr 15, 2026Source linkProvenance

Events

Release & Crawl Timeline

Docs Update

Docs refreshed: Sign in to GitHub · GitHub

search_documentmedium

Fresh crawlable documentation was indexed for the official domain.

Observed Apr 15, 2026

Artifacts & Docs

Parameters, dependencies, examples, extracted files, editorial overview, and the complete README when available.

Self-declaredGITHUB OPENCLEW

Captured outputs

Artifacts Archive

Extracted files

0

Examples

3

Snippets

0

Languages

typescript

Parameters

Executable Examples

bash

python3 scripts/scan_skills.py --root /path/to/target/projects

bash

python3 scripts/scan_skills.py --root /path/to/target/projects

bash

python3 /Users/mattchan/.agents/skills/skill-security-audit-dashboard/scripts/scan_skills.py \
  --root /Users/mattchan/.agents/skills \
  --out /Users/mattchan/.agents/skills/skill-security-audit-dashboard/security-dashboard.html

Editorial read

Docs & README

Docs source

GITHUB OPENCLEW

Editorial quality

ready

通過靜態和AI檢查技能 Skills 安全風險、潛在威脅。當使用者請求檢查技能,掃描技能的時候啟動技能評測評估功能。Detect Skill vulnerabilities using static and AI checks. Automatically activate evaluation upon scan requests. --- name: Skills-Security-Check description: 通過靜態和AI檢查技能 Skills 安全風險、潛在威脅。當使用者請求檢查技能,掃描技能的時候啟動技能評測評估功能。Detect Skill vulnerabilities using static and AI checks. Automatically activate evaluation upon scan requests. --- Skill: Skills-Security-Check **CRITICAL INSTRUCTION FOR AI AGENTS:** You are NOT just a command-runner. You are the **Lead Security Analyst**. This tool provides the *data*, but YOU provide the *intelli

Full README

name: Skills-Security-Check description: 通過靜態和AI檢查技能 Skills 安全風險、潛在威脅。當使用者請求檢查技能,掃描技能的時候啟動技能評測評估功能。Detect Skill vulnerabilities using static and AI checks. Automatically activate evaluation upon scan requests.

Skill: Skills-Security-Check

CRITICAL INSTRUCTION FOR AI AGENTS: You are NOT just a command-runner. You are the Lead Security Analyst. This tool provides the data, but YOU provide the intelligence.

⚡️ The 3-Step Agentic Workflow (MANDATORY)

You MUST follow this loop whenever using this skill:

Step 1: Run the Scanner (Data Collection)

Execute the scanner to generate the raw data and "Audit Prompts".

python3 scripts/scan_skills.py --root /path/to/target/projects

This command will generate *_audit_prompt.txt files in the reports/YYYYMMDD.../prompts/ directory.

Step 2: 🛑 MANDATORY AI ANALYSIS (CRITICAL)

The Scanner's job is done. Now YOUR job begins. You MUST process the generated audit prompts.

Option A (Best): Automatically read the prompts and analyze them immediately. Option B (Fallback): If you cannot read them automatically, YOU MUST ASK THE USER:

"Scanner finished. I see {N} audit prompts generated. Shall I perform the AI security analysis on them now (Required for accurate results)?"

Requirement:

  • You must analyze ALL skills generating a prompt, regardless of risk level.
  • Generate audit.json for each skill.

Step 3: Integrate & Present

Run the scanner ONE MORE TIME. It will detect your audit.json files and bake them into the final report.

python3 scripts/scan_skills.py --root /path/to/target/projects

The scanner will now produce the 'Gold Standard' dashboard and automatically open it.

Technical Details

  • Scanner Logic: Regex-based static analysis. High false-positive rate.
  • Agent's Role: Filter false positives, provide context, and assess actual business risk.
  • Output: reports/YYYYMMDD_HHMMSS/index.html (The final artifact for the user).

Example Scenario: User: "Audit my skills." Agent:

  1. Runs scan_skills.py.
  2. Sees zimage_audit_prompt.txt flagged "High Risk".
  3. Reads the prompt, realizes it's just an API client.
  4. Writes audit.json marking it "Medium Risk" (requires API key).
  5. Re-runs scan_skills.py to finalize the dashboard.

How to run

  1. Run the scanner on a root folder that contains multiple skills:
python3 /Users/mattchan/.agents/skills/skill-security-audit-dashboard/scripts/scan_skills.py \
  --root /Users/mattchan/.agents/skills \
  --out /Users/mattchan/.agents/skills/skill-security-audit-dashboard/security-dashboard.html
  1. Open the generated HTML dashboard file to view the results.

Notes

  • This is a static heuristic scan. It does not execute code.
  • The scanner avoids outputting raw secrets. It only reports file locations and categories.
  • If you need a JSON file as well, pass --json /path/to/output.json.

Arguments

  • --root: Root directory containing skills (default: current working directory).
  • --out: Path to the output HTML dashboard.
  • --json: Optional path to write raw JSON output.

API & Reliability

Machine endpoints, contract coverage, trust signals, runtime metrics, benchmarks, and guardrails for agent-to-agent use.

Verifiedcapability-contract

Machine interfaces

Contract & API

Endpoints

Dossier APISnapshot APIContract APITrust API

Contract coverage

Status

ready

Auth

api_key

Streaming

No

Data region

global

Protocol support

OpenClaw: self-declared

Requires: openclew, lang:typescript

Forbidden: none

Guardrails

Operational confidence: medium

Contract is available with explicit auth and schema references.
Trust confidence is not low and verification freshness is acceptable.
Invocation examples
curl -s "https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/snapshot"
curl -s "https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/contract"
curl -s "https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/trust"

Operational fit

Reliability & Benchmarks

Trust signals

Handshake

UNKNOWN

Confidence

unknown

Attempts 30d

unknown

Fallback rate

unknown

Runtime metrics

Observed P50

unknown

Observed P95

unknown

Rate limit

unknown

Estimated cost

unknown

No benchmark suites or observed failure patterns are available.

Media & Related

Public screenshots, demo and owner links, plus neighboring agents from the same ecosystem for shortlist building.

Missingno-media

Visual context

Media & Demo

No screenshots, media assets, or demo links are available.

Comparison set

Related Agents

GITHUB_REPOSactivepieces

Rank

70

AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents

Traction

No public download signal

Freshness

Updated 2d ago

OPENCLAW
GITHUB_REPOScherry-studio

Rank

70

AI productivity studio with smart chat, autonomous agents, and 300+ assistants. Unified access to frontier LLMs

Traction

No public download signal

Freshness

Updated 5d ago

MCPOPENCLAW
GITHUB_REPOSAionUi

Rank

70

Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!

Traction

No public download signal

Freshness

Updated 6d ago

MCPOPENCLAW
GITHUB_REPOSCopilotKit

Rank

70

The Frontend for Agents & Generative UI. React + Angular

Traction

No public download signal

Freshness

Updated 23d ago

OPENCLAW
Agent hubMore from this sourceOpenClaw agents

Machine Appendix

Raw contract, invocation, trust, capability, facts, and change-event payloads for machine-side inspection.

Verifiedcapability-contract

Contract JSON

{
  "contractStatus": "ready",
  "authModes": [
    "api_key"
  ],
  "requires": [
    "openclew",
    "lang:typescript"
  ],
  "forbidden": [],
  "supportsMcp": false,
  "supportsA2a": false,
  "supportsStreaming": false,
  "inputSchemaRef": "https://github.com/xbox360modderv3/Skills-Security-Check#input",
  "outputSchemaRef": "https://github.com/xbox360modderv3/Skills-Security-Check#output",
  "dataRegion": "global",
  "contractUpdatedAt": "2026-02-24T19:45:11.992Z",
  "sourceUpdatedAt": "2026-02-24T19:45:11.992Z",
  "freshnessSeconds": 4429344
}

Invocation Guide

{
  "preferredApi": {
    "snapshotUrl": "https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/snapshot",
    "contractUrl": "https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/contract",
    "trustUrl": "https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/trust"
  },
  "curlExamples": [
    "curl -s \"https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/snapshot\"",
    "curl -s \"https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/contract\"",
    "curl -s \"https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/trust\""
  ],
  "jsonRequestTemplate": {
    "query": "summarize this repo",
    "constraints": {
      "maxLatencyMs": 2000,
      "protocolPreference": [
        "OPENCLEW"
      ]
    }
  },
  "jsonResponseTemplate": {
    "ok": true,
    "result": {
      "summary": "...",
      "confidence": 0.9
    },
    "meta": {
      "source": "GITHUB_OPENCLEW",
      "generatedAt": "2026-04-17T02:07:36.787Z"
    }
  },
  "retryPolicy": {
    "maxAttempts": 3,
    "backoffMs": [
      500,
      1500,
      3500
    ],
    "retryableConditions": [
      "HTTP_429",
      "HTTP_503",
      "NETWORK_TIMEOUT"
    ]
  }
}

Trust JSON

{
  "status": "unavailable",
  "handshakeStatus": "UNKNOWN",
  "verificationFreshnessHours": null,
  "reputationScore": null,
  "p95LatencyMs": null,
  "successRate30d": null,
  "fallbackRate": null,
  "attempts30d": null,
  "trustUpdatedAt": null,
  "trustConfidence": "unknown",
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Capability Matrix

{
  "rows": [
    {
      "key": "OPENCLEW",
      "type": "protocol",
      "support": "unknown",
      "confidenceSource": "profile",
      "notes": "Listed on profile"
    }
  ],
  "flattenedTokens": "protocol:OPENCLEW|unknown|profile"
}

Facts JSON

[
  {
    "factKey": "vendor",
    "category": "vendor",
    "label": "Vendor",
    "value": "Xbox360modderv3",
    "href": "https://github.com/xbox360modderv3/Skills-Security-Check",
    "sourceUrl": "https://github.com/xbox360modderv3/Skills-Security-Check",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:21:22.124Z",
    "isPublic": true
  },
  {
    "factKey": "docs_crawl",
    "category": "integration",
    "label": "Crawlable docs",
    "value": "6 indexed pages on the official domain",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  },
  {
    "factKey": "protocols",
    "category": "compatibility",
    "label": "Protocol compatibility",
    "value": "OpenClaw",
    "href": "https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/contract",
    "sourceType": "contract",
    "confidence": "medium",
    "observedAt": "2026-02-24T19:45:11.992Z",
    "isPublic": true
  },
  {
    "factKey": "auth_modes",
    "category": "compatibility",
    "label": "Auth modes",
    "value": "api_key",
    "href": "https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/contract",
    "sourceType": "contract",
    "confidence": "high",
    "observedAt": "2026-02-24T19:45:11.992Z",
    "isPublic": true
  },
  {
    "factKey": "schema_refs",
    "category": "artifact",
    "label": "Machine-readable schemas",
    "value": "OpenAPI or schema references published",
    "href": "https://github.com/xbox360modderv3/Skills-Security-Check#input",
    "sourceUrl": "https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/contract",
    "sourceType": "contract",
    "confidence": "high",
    "observedAt": "2026-02-24T19:45:11.992Z",
    "isPublic": true
  },
  {
    "factKey": "handshake_status",
    "category": "security",
    "label": "Handshake status",
    "value": "UNKNOWN",
    "href": "https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/trust",
    "sourceUrl": "https://xpersona.co/api/v1/agents/xbox360modderv3-skills-security-check/trust",
    "sourceType": "trust",
    "confidence": "medium",
    "observedAt": null,
    "isPublic": true
  }
]

Change Events JSON

[
  {
    "eventType": "docs_update",
    "title": "Docs refreshed: Sign in to GitHub · GitHub",
    "description": "Fresh crawlable documentation was indexed for the official domain.",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  }
]

Sponsored

Ads related to Skills-Security-Check and adjacent AI workflows.