agent-skill-trust-check
Static pre-install trust review for SKILL.md, OpenClaw, Hermes, MCP, and agent-skill marketplace packages before they request local, account, payment, or external access.
What this skill does
# Agent Skill Trust Check Use this skill before installing a third-party agent skill, SKILL.md package, MCP-linked skill, or marketplace listing. ## What This Skill Does - Reads a public or local skill description before install. - Flags patterns that deserve review: shell execution, destructive commands, secrets, wallet/payment actions, network output, persistence, and prompt-boundary issues. - Separates basic provenance signals from risky behavior signals. - Produces a patch order that a maintainer can resolve before the skill is trusted. ## When To Use Use this when an agent is about to install or recommend a skill from: - OpenClaw, Hermes, or ClawHub-style marketplaces. - Claude Code, Codex, Cursor, Windsurf, or Gemini skill directories. - MCP-linked skill bundles. - GitHub repositories that include a `SKILL.md`, tool manifest, or install script. ## Run From The Public Repo ```bash git clone https://github.com/TateLyman/agent-skill-trust-check.git cd agent-skill-trust-check npm run check node bin/agent-skill-trust-check.js ./SKILL.md ``` Marketplace-safe stdin mode: ```bash node bin/agent-skill-trust-check-stdin.js < ./SKILL.md ``` For JSON output: ```bash node bin/agent-skill-trust-check.js ./SKILL.md --json ``` npm command: ```bash npx --yes agent-skill-trust-check ./SKILL.md --json ``` ## Review Rules Before installation, check: - Does the skill run shell commands, package installers, or process-spawn APIs? - Does it read secrets, environment variables, wallet data, credentials, cookies, or private keys? - Does it send content to remote URLs or webhooks? - Does it create persistent background jobs? - Does it ask the agent to ignore or override higher-priority instructions? - Does it document source, license, version, tests, permissions, and uninstall steps? ## Boundaries This is a static pre-install check. The marketplace-safe runner reads only stdin and returns JSON. The local CLI can also read a local path or a public GitHub/raw/Gist URL when run from the repository checkout. Neither mode executes the target skill or proves the runtime is safe. For marketplace-grade review, use the paid Agent Skill Trust Check listing: https://orkai.ai/skills/agent-skill-trust-check
Related in security
web-pentest
IncludedAuthorized web application penetration testing — reconnaissance, vulnerability analysis, proof-based exploitation, and professional reporting. Adapts Shannon's "No Exploit, No Report" methodology with hard guardrails for scope, authorization, and aux-client leakage. Active testing against running applications you own or have written authorization to test.
oss-forensics
IncludedSupply chain investigation, evidence recovery, and forensic analysis for GitHub repositories. Covers deleted commit recovery, force-push detection, IOC extraction, multi-source evidence collection, hypothesis formation/validation, and structured forensic reporting. Inspired by RAPTOR's 1800+ line OSS Forensics system.
container-security-hardening
IncludedHarden Docker/container images and runtime deployments with secure base images, non-root users, CVE scanning, SBOM/signing, seccomp/AppArmor, and Kubernetes pod security controls. Use for Dockerfile security reviews, container CVEs, image scanning, distroless images, or production hardening.
bumblebee
IncludedRun Bumblebee supply-chain inventory and exposure scans on macOS/Linux to detect compromised packages, extensions, and MCP host configs.
harden
IncludedApplies NIST/CWE security hardening to Python and Rust code. Use when auditing code for vulnerabilities or proposing concrete security remediations.
aws-compliance-checker
IncludedAutomated compliance checking against CIS, PCI-DSS, HIPAA, and SOC 2 benchmarks