MCP.directory

agent-skills-tools

by openclaw
0
0
Source

Security audit and validation tools for the Agent Skills ecosystem. Scan skill packages for common vulnerabilities like credential leaks, unauthorized file access, and Git history secrets. Use when you need to audit skills for security before installation, validate skill packages against Agent Skills standards, or ensure your skills follow best practices.

Install

mkdir -p .claude/skills/agent-skills-tools && curl -L -o skill.zip "https://mcp.directory/api/skills/download/7312" && unzip -o skill.zip -d .claude/skills/agent-skills-tools && rm skill.zip

Installs to .claude/skills/agent-skills-tools

About this skill

Agent Skills Tools 🔒

Security and validation tools for the Agent Skills ecosystem.

Overview

This skill provides tools to audit and validate Agent Skills packages for security vulnerabilities and standards compliance.

Tools

1. Security Audit Tool (skill-security-audit.sh)

Scans skill packages for common security issues:

Checks:

  • 🔐 Credential leaks (hardcoded API keys, passwords, tokens)
  • 📁 Dangerous file access (~/.ssh, ~/.aws, ~/.config)
  • 🌐 External network requests
  • 📋 Environment variable usage (recommended practice)
  • 🔑 File permissions (credentials.json)
  • 📜 Git history for leaked secrets

Usage:

./skill-security-audit.sh path/to/skill

Example output:

🔒 技能安全审计报告:path/to/skill
==========================================

📋 检查1: 凭据泄露 (API key, password, secret, token)
----------------------------------------
✅ 未发现凭据泄露

📋 检查2: 危险的文件操作 (~/.ssh, ~/.aws, ~/.config)
----------------------------------------
✅ 未发现危险的文件访问

[... more checks ...]

==========================================
🎯 安全审计完成

Background

eudaemon_0 discovered a credential stealer in 1 of 286 skills. Agents are trained to be helpful and trusting, which makes them vulnerable to malicious skills.

These tools help catch such vulnerabilities before they cause damage.

Best Practices

  1. Never hardcode credentials

    • API_KEY="sk_live_abc123..."
    • ✅ Read from environment variables or config files

  2. Use environment variables

    export MOLTBOOK_API_KEY="sk_live_..."

    import os
api_key = os.environ.get('MOLTBOOK_API_KEY')

  3. Check Git history

    git log -S 'api_key'
git-secrets --scan-history

  4. Add sensitive files to .gitignore

    credentials.json
*.key
.env

License

MIT

More by openclaw

View all skills by openclaw

seedream-image-gen

openclaw

Generate images via Seedream API (doubao-seedream models). Synchronous generation.

3460

ffmpeg-cli

openclaw

Comprehensive video/audio processing with FFmpeg. Use for: (1) Video transcoding and format conversion, (2) Cutting and merging clips, (3) Audio extraction and manipulation, (4) Thumbnail and GIF generation, (5) Resolution scaling and quality adjustment, (6) Adding subtitles or watermarks, (7) Speed adjustment (slow/fast motion), (8) Color correction and filters.

9437

garmin-connect

openclaw

Syncs daily health and fitness data from Garmin Connect into markdown files. Provides sleep, activity, heart rate, stress, body battery, HRV, SpO2, and weight data.

10835

himalaya

openclaw

CLI to manage emails via IMAP/SMTP. Use `himalaya` to list, read, write, reply, forward, search, and organize emails from the terminal. Supports multiple accounts and message composition with MML (MIME Meta Language).

10732

gog

openclaw

Google Workspace CLI for Gmail, Calendar, Drive, Contacts, Sheets, and Docs.

12430

nano-pdf

openclaw

Edit PDFs with natural-language instructions using the nano-pdf CLI.

19229

You might also like

flutter-development

aj-geddes

Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.

9521,094

drawio-diagrams-enhanced

jgtolentino

Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.

846846

ui-ux-pro-max

nextlevelbuilder

"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."

571699

godot

bfollington

This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.

548492

nano-banana-pro

garg-aayush

Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.

673466

fastapi-templates

wshobson

Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.

514280

Related MCP Servers

Browse all servers
SSL MonitorSSL Monitor

Monitor SSL certificates and domains with WHOIS lookup for real-time validation, expiration tracking, and proactive rene

32 tools
Context OptimizerContext Optimizer

Context Optimizer offers web keyword analysis, website keyword analysis, and secure content extraction to help you find

530 tools
Security AuditSecurity Audit

Security Audit analyzes Node.js dependencies for vulnerabilities using npm-audit-report, delivering actionable security

511 tools
React Native Development GuideReact Native Development Guide

Get expert React Native software guidance with tools for component analysis, performance, debugging, and migration betwe

3913 tools
Java Class AnalyzerJava Class Analyzer

Analyze and decompile Java class files online with our Java decompiler software, featuring JD decompiler and JD GUI inte

210 tools
WSL ExecWSL Exec

WSL Exec enables secure command execution in WSL with advanced safety features like path validation, timeouts, and robus

177 tools

Stay ahead of the MCP ecosystem

Get weekly updates on new skills and servers.