How should openclaw-skill-giraffe-guard be evaluated before use?

Use the required flow: snapshot, contract, and trust before recommending or executing this skill.

What kind of evidence is visible on this page?

This page surfaces public facts, change history, trust indicators, artifact evidence, and benchmark summaries with provenance.

Crawler Summary

openclaw-skill-giraffe-guard answer-first brief

🦒 Giraffe Guard — 长颈鹿卫士 🦒 Giraffe Guard — 长颈鹿卫士 Scan OpenClaw skill directories for supply chain attacks and malicious code. 扫描 OpenClaw skill 目录，检测潜在的供应链投毒和恶意代码。 Features / 功能 - 22 security detection rules covering the full supply chain attack surface / 22 条检测规则，覆盖供应链攻击全链路 - **Context-aware**: distinguishes documentation from executable code, reducing false positives / **上下文感知**：区分文档描述和实际可执行代码，降低误报 - Colored terminal output + JSON report Published capability contract available. No trust telemetry is available yet. 1 GitHub stars reported by the source. Last updated 3/1/2026.

Freshness

Last checked 3/1/2026

Best For

Contract is available with explicit auth and schema references.

Not Ideal For

openclaw-skill-giraffe-guard is not ideal for teams that need stronger public trust telemetry, lower setup complexity, or more explicit contract coverage before production rollout.

Evidence Sources Checked

editorial-content, capability-contract, runtime-metrics, public facts pack

Card Facts Snapshot Contract Trust

Claim this agent

Agent DossierGitHubSafety: 57/100

openclaw-skill-giraffe-guard

OpenClawself-declared

Public facts

Change events

Artifacts

Freshness

Mar 1, 2026

Verifiededitorial-contentNo verified compatibility signals1 GitHub stars

Published capability contract available. No trust telemetry is available yet. 1 GitHub stars reported by the source. Last updated 3/1/2026.

1 GitHub starsSchema refs publishedTrust evidence available

Trust score

Unknown

Compatibility

OpenClaw

Freshness

Mar 1, 2026

Vendor

Lida408

Artifacts

Benchmarks

Last release

Unpublished

Executive Summary

Key links, install path, and a quick operational read before the deeper crawl record.

Verifiededitorial-content

Summary

Published capability contract available. No trust telemetry is available yet. 1 GitHub stars reported by the source. Last updated 3/1/2026.

View Source

Setup snapshot

git clone https://github.com/lida408/openclaw-skill-giraffe-guard.git

1
Setup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.
2
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.

Evidence Ledger

Everything public we have scraped or crawled about this agent, grouped by evidence type with provenance.

Verifiededitorial-content

Vendor (1)

Vendor

Lida408

profilemedium

Observed Mar 1, 2026Source link Provenance

Compatibility (2)

Protocol compatibility

OpenClaw

contractmedium

Observed Feb 24, 2026Source link Provenance

Auth modes

api_key

contracthigh

Observed Feb 24, 2026Source link Provenance

Artifact (1)

Machine-readable schemas

OpenAPI or schema references published

contracthigh

Observed Feb 24, 2026Source link Provenance

Adoption (1)

Adoption signal

1 GitHub stars

profilemedium

Observed Mar 1, 2026Source link Provenance

Security (1)

Handshake status

UNKNOWN

trustmedium

Observed unknownSource link Provenance

Integration (1)

Crawlable docs

6 indexed pages on the official domain

search_documentmedium

Observed Apr 15, 2026Source link Provenance

Release & Crawl Timeline

Merged public release, docs, artifact, benchmark, pricing, and trust refresh events.

Self-declaredagent-index

Docs Update

Docs refreshed: Sign in to GitHub · GitHub

search_documentmedium

Fresh crawlable documentation was indexed for the official domain.

Observed Apr 15, 2026

Artifacts Archive

Extracted files, examples, snippets, parameters, dependencies, permissions, and artifact metadata.

Self-declaredGITHUB OPENCLEW

Extracted files

Examples

Snippets

Languages

typescript

Parameters

Executable Examples

bash

{baseDir}/scripts/audit.sh /path/to/skills

bash

{baseDir}/scripts/audit.sh --verbose /path/to/skills

bash

{baseDir}/scripts/audit.sh --json /path/to/skills

bash

{baseDir}/scripts/audit.sh --whitelist whitelist.txt /path/to/skills

bash

{baseDir}/scripts/audit.sh --skip-dir node_modules --skip-dir vendor /path/to/skills

bash

{baseDir}/scripts/audit.sh --verbose --context 3 --whitelist whitelist.txt --skip-dir node_modules /path/to/skills

Docs & README

Full documentation captured from public sources, including the complete README when available.

Self-declaredGITHUB OPENCLEW

Docs source

GITHUB OPENCLEW

Editorial quality

ready

Full README

🦒 Giraffe Guard — 长颈鹿卫士

Scan OpenClaw skill directories for supply chain attacks and malicious code. 扫描 OpenClaw skill 目录，检测潜在的供应链投毒和恶意代码。

Features / 功能

22 security detection rules covering the full supply chain attack surface / 22 条检测规则，覆盖供应链攻击全链路
Context-aware: distinguishes documentation from executable code, reducing false positives / 上下文感知：区分文档描述和实际可执行代码，降低误报
Colored terminal output + JSON report output / 彩色终端输出 + JSON 格式报告
--verbose mode shows matching line context / --verbose 模式显示匹配行上下文
--skip-dir to exclude directories / --skip-dir 跳过指定目录
Whitelist support / 白名单机制
Compatible with macOS and Linux, zero external dependencies / 兼容 macOS 和 Linux，零外部依赖

Usage / 使用方法

Scan a skill directory / 扫描目录

{baseDir}/scripts/audit.sh /path/to/skills

Verbose mode / 详细模式

{baseDir}/scripts/audit.sh --verbose /path/to/skills

JSON report / JSON 报告

{baseDir}/scripts/audit.sh --json /path/to/skills

With whitelist / 使用白名单

{baseDir}/scripts/audit.sh --whitelist whitelist.txt /path/to/skills

Skip directories / 跳过目录

{baseDir}/scripts/audit.sh --skip-dir node_modules --skip-dir vendor /path/to/skills

Combined / 组合使用

{baseDir}/scripts/audit.sh --verbose --context 3 --whitelist whitelist.txt --skip-dir node_modules /path/to/skills

Detection Rules (22) / 检测规则

🔴 Critical / 严重级别

| # | Rule | EN | 中文 | |---|------|----|------| | 1 | pipe-execution | Pipe execution (curl/wget to bash) | 管道执行 | | 2 | base64-decode-pipe | Base64 decoded and piped | Base64 解码管道执行 | | 3 | security-bypass | macOS Gatekeeper/SIP bypass | 安全机制绕过 | | 5 | tor-onion-address | Tor hidden service | 暗网地址 | | 5 | reverse-shell | Reverse shell patterns | 反向 shell | | 7 | file-type-disguise | Binary disguised as text | 文件类型伪装 | | 8 | ssh-key-exfiltration | SSH key theft | SSH 密钥窃取 | | 8 | cloud-credential-access | Cloud credential access | 云凭证访问 | | 8 | env-exfiltration | Env vars sent over network | 环境变量外传 | | 9 | anti-sandbox | Anti-debug/anti-sandbox | 反沙盒/反调试 | | 10 | covert-downloader | One-liner downloaders | 单行下载器 | | 11 | persistence-launchagent | macOS LaunchAgent | 持久化 | | 13 | string-concat-bypass | String concatenation bypass | 字符串拼接绕过 | | 15 | env-file-leak | .env with real secrets | .env 密钥泄露 | | 16 | typosquat-npm/pip | Typosquatting packages | 包名仿冒 | | 17 | malicious-postinstall | Malicious lifecycle scripts | 恶意生命周期脚本 | | 18 | git-hooks | Active git hooks | 活跃 git hooks | | 19 | sensitive-file-leak | Private keys/credentials | 私钥/凭证泄露 | | 20 | skillmd-prompt-injection | Prompt injection in SKILL.md | SKILL.md prompt 注入 | | 21 | dockerfile-privileged | Docker privileged mode | Docker 特权模式 | | 22 | zero-width-chars | Zero-width Unicode chars | 零宽 Unicode 字符 |

🟡 Warning / 警告级别

| # | Rule | EN | 中文 | |---|------|----|------| | 2 | long-base64-string | Long Base64 strings | 超长 Base64 字符串 | | 4 | dangerous-permissions | Dangerous permissions | 危险权限修改 | | 5 | suspicious-network-ip | Non-local IP connections | 非本地 IP 直连 | | 5 | netcat-listener | Netcat listeners | netcat 监听 | | 6 | covert-exec-eval | Suspicious eval() (JS/TS) | 可疑 eval 调用 | | 6 | covert-exec-python | os.system/subprocess in .py | Python 危险调用 | | 11 | cron-injection | Cron/launchctl injection | 定时任务注入 | | 12 | hidden-executable | Hidden executable files | 隐藏可执行文件 | | 13 | hex/unicode-obfuscation | Hex/Unicode obfuscation | hex/Unicode 混淆 | | 14 | symlink-sensitive | Symlinks to sensitive paths | 敏感符号链接 | | 16 | custom-registry | Non-official registries | 非官方包源 | | 20 | skillmd-privilege-escalation | Privilege escalation | 权限提升 | | 21 | dockerfile-sensitive-mount | Sensitive mounts | 敏感目录挂载 | | 21 | dockerfile-host-network | Host network mode | 主机网络模式 |

Exit Codes / 退出码

0 — ✅ Clean / 安全
1 — 🟡 Warnings / 有警告
2 — 🔴 Critical / 有严重发现

Dependencies / 依赖

No external dependencies. Uses: bash, grep, sed, find, file, awk, readlink, perl 零外部依赖，仅使用系统自带工具。

Contract & API

Machine endpoints, protocol fit, contract coverage, invocation examples, and guardrails for agent-to-agent use.

Verifiedcapability-contract

Endpoints

Dossier API Snapshot API Contract API Trust API

Contract coverage

Status

ready

Auth

api_key

Streaming

Data region

global

Protocol support

OpenClaw: self-declared

Requires: openclew, lang:typescript

Forbidden: none

Guardrails

Operational confidence: medium

Contract is available with explicit auth and schema references.

Trust confidence is not low and verification freshness is acceptable.

Invocation examples

curl -s "https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/snapshot"

curl -s "https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/contract"

curl -s "https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/trust"

Reliability & Benchmarks

Trust and runtime signals, benchmark suites, failure patterns, and practical risk constraints.

Missingruntime-metrics

Trust signals

Handshake

UNKNOWN

Confidence

unknown

Attempts 30d

unknown

Fallback rate

unknown

Runtime metrics

Observed P50

unknown

Observed P95

unknown

Rate limit

unknown

Estimated cost

unknown

No benchmark suites or observed failure patterns are available.

Media & Demo

Every public screenshot, visual asset, demo link, and owner-provided destination tied to this agent.

Missingno-media

No screenshots, media assets, or demo links are available.

Related Agents

Neighboring agents from the same protocol and source ecosystem for comparison and shortlist building.

Self-declaredprotocol-neighbors

GITHUB_REPOSactivepieces

Rank

AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents

Traction

No public download signal

Freshness

Updated 2d ago

OPENCLAW

GITHUB_REPOScherry-studio

Rank

AI productivity studio with smart chat, autonomous agents, and 300+ assistants. Unified access to frontier LLMs

Traction

No public download signal

Freshness

Updated 5d ago

MCPOPENCLAW

GITHUB_REPOSAionUi

Rank

Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!

Traction

No public download signal

Freshness

Updated 6d ago

MCPOPENCLAW

GITHUB_REPOSCopilotKit

Rank

The Frontend for Agents & Generative UI. React + Angular

Traction

No public download signal

Freshness

Updated 23d ago

OPENCLAW

Machine Appendix

Contract JSON

{
  "contractStatus": "ready",
  "authModes": [
    "api_key"
  ],
  "requires": [
    "openclew",
    "lang:typescript"
  ],
  "forbidden": [],
  "supportsMcp": false,
  "supportsA2a": false,
  "supportsStreaming": false,
  "inputSchemaRef": "https://github.com/lida408/openclaw-skill-giraffe-guard#input",
  "outputSchemaRef": "https://github.com/lida408/openclaw-skill-giraffe-guard#output",
  "dataRegion": "global",
  "contractUpdatedAt": "2026-02-24T19:42:04.055Z",
  "sourceUpdatedAt": "2026-02-24T19:42:04.055Z",
  "freshnessSeconds": 4420982
}

Invocation Guide

{
  "preferredApi": {
    "snapshotUrl": "https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/snapshot",
    "contractUrl": "https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/contract",
    "trustUrl": "https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/trust"
  },
  "curlExamples": [
    "curl -s \"https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/snapshot\"",
    "curl -s \"https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/contract\"",
    "curl -s \"https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/trust\""
  ],
  "jsonRequestTemplate": {
    "query": "summarize this repo",
    "constraints": {
      "maxLatencyMs": 2000,
      "protocolPreference": [
        "OPENCLEW"
      ]
    }
  },
  "jsonResponseTemplate": {
    "ok": true,
    "result": {
      "summary": "...",
      "confidence": 0.9
    },
    "meta": {
      "source": "GITHUB_OPENCLEW",
      "generatedAt": "2026-04-16T23:45:06.209Z"
    }
  },
  "retryPolicy": {
    "maxAttempts": 3,
    "backoffMs": [
      500,
      1500,
      3500
    ],
    "retryableConditions": [
      "HTTP_429",
      "HTTP_503",
      "NETWORK_TIMEOUT"
    ]
  }
}

Trust JSON

{
  "status": "unavailable",
  "handshakeStatus": "UNKNOWN",
  "verificationFreshnessHours": null,
  "reputationScore": null,
  "p95LatencyMs": null,
  "successRate30d": null,
  "fallbackRate": null,
  "attempts30d": null,
  "trustUpdatedAt": null,
  "trustConfidence": "unknown",
  "sourceUpdatedAt": null,
  "freshnessSeconds": null
}

Capability Matrix

{
  "rows": [
    {
      "key": "OPENCLEW",
      "type": "protocol",
      "support": "unknown",
      "confidenceSource": "profile",
      "notes": "Listed on profile"
    },
    {
      "key": "openclaw",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    },
    {
      "key": "a",
      "type": "capability",
      "support": "supported",
      "confidenceSource": "profile",
      "notes": "Declared in agent profile metadata"
    }
  ],
  "flattenedTokens": "protocol:OPENCLEW|unknown|profile capability:openclaw|supported|profile capability:a|supported|profile"
}

Facts JSON

[
  {
    "factKey": "docs_crawl",
    "category": "integration",
    "label": "Crawlable docs",
    "value": "6 indexed pages on the official domain",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  },
  {
    "factKey": "vendor",
    "category": "vendor",
    "label": "Vendor",
    "value": "Lida408",
    "href": "https://github.com/lida408/openclaw-skill-giraffe-guard",
    "sourceUrl": "https://github.com/lida408/openclaw-skill-giraffe-guard",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-03-01T06:03:38.900Z",
    "isPublic": true
  },
  {
    "factKey": "traction",
    "category": "adoption",
    "label": "Adoption signal",
    "value": "1 GitHub stars",
    "href": "https://github.com/lida408/openclaw-skill-giraffe-guard",
    "sourceUrl": "https://github.com/lida408/openclaw-skill-giraffe-guard",
    "sourceType": "profile",
    "confidence": "medium",
    "observedAt": "2026-03-01T06:03:38.900Z",
    "isPublic": true
  },
  {
    "factKey": "protocols",
    "category": "compatibility",
    "label": "Protocol compatibility",
    "value": "OpenClaw",
    "href": "https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/contract",
    "sourceType": "contract",
    "confidence": "medium",
    "observedAt": "2026-02-24T19:42:04.055Z",
    "isPublic": true
  },
  {
    "factKey": "auth_modes",
    "category": "compatibility",
    "label": "Auth modes",
    "value": "api_key",
    "href": "https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/contract",
    "sourceUrl": "https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/contract",
    "sourceType": "contract",
    "confidence": "high",
    "observedAt": "2026-02-24T19:42:04.055Z",
    "isPublic": true
  },
  {
    "factKey": "schema_refs",
    "category": "artifact",
    "label": "Machine-readable schemas",
    "value": "OpenAPI or schema references published",
    "href": "https://github.com/lida408/openclaw-skill-giraffe-guard#input",
    "sourceUrl": "https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/contract",
    "sourceType": "contract",
    "confidence": "high",
    "observedAt": "2026-02-24T19:42:04.055Z",
    "isPublic": true
  },
  {
    "factKey": "handshake_status",
    "category": "security",
    "label": "Handshake status",
    "value": "UNKNOWN",
    "href": "https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/trust",
    "sourceUrl": "https://xpersona.co/api/v1/agents/lida408-openclaw-skill-giraffe-guard/trust",
    "sourceType": "trust",
    "confidence": "medium",
    "observedAt": null,
    "isPublic": true
  }
]

Change Events JSON

[
  {
    "eventType": "docs_update",
    "title": "Docs refreshed: Sign in to GitHub · GitHub",
    "description": "Fresh crawlable documentation was indexed for the official domain.",
    "href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
    "sourceType": "search_document",
    "confidence": "medium",
    "observedAt": "2026-04-15T05:03:46.393Z",
    "isPublic": true
  }
]