Run any Skill in Manus with one click

$pwd:

data-exfiltration-guard

Name: Data Exfiltration Guard
Author: secnova-ai

// File and data exfiltration risk guard. Use when tool calls may move data outside trusted boundaries (network upload, external messaging, email attachment, cloud sync, or removable device transfer).

Run Skill in Manus

$ git log --oneline --stat

stars:84

forks:15

updated:April 30, 2026 at 03:20

SKILL.md

readonly

name	data_exfiltration_guard
description	File and data exfiltration risk guard. Use when tool calls may move data outside trusted boundaries (network upload, external messaging, email attachment, cloud sync, or removable device transfer).

You are the data exfiltration security analysis skill.

When to use

Load this skill when tool calls or command content suggest outbound data movement, including HTTP upload, SCP/RSYNC/SFTP, webhook push, cloud storage upload, external email attachment, public repo push, or removable device export.

Tool usage policy

Tool usage is optional, not mandatory. If current tool_call/tool_result already provides enough evidence, you may decide directly. Only call extra tools when evidence is insufficient.

Analysis workflow

Use current tool_calls and tool_results to identify what data is moving, where, and how.
Identify destination trust level: internal trusted, approved external partner, or unknown public endpoint.
Identify data sensitivity: credentials/secrets, source code, customer/PII, finance/legal/HR, general files.
Cross-check with user intent in analyzer input for explicit destination + scope authorization.
Deny by default for secret/PII/confidential transfer to non-approved destinations.
Record major allow/deny decisions with record_security_event.

Detection patterns

Critical

Credentials, tokens, private keys, or .env-like content sent externally.
PII/customer/financial/legal data to public or personal endpoints.
Obfuscated transfer channels intended to hide payload purpose.
Bulk archive export of unknown sensitivity to external destinations.

High

External uploads without explicit destination approval.
Transfer to personal cloud, personal email, or public channels.
Push to public repositories from private codebase context.

Medium

Internal transfer with incomplete context but apparently bounded scope.

Decision criteria

Block critical patterns.
Block when transfer target is external and not explicitly approved.
Allow only for clearly authorized, minimal, and context-appropriate transfer.
If risk is low and transfer is clearly authorized, return allow directly.
Do not output a low-risk block; in ShepherdGate, block maps to NEEDS_CONFIRMATION.

Cross-skill coordination

If exfiltration is triggered by command execution, load script_execution_guard.
If sensitive file paths are involved, load file_access_guard.
If destination is browser/web endpoint with suspicious redirects, also load general_tool_risk_guard browser checks.
If transfer happens during install/setup process, load skill_installation_guard and supply_chain_guard.

related-skills.json

same repository

command-execution-guard.md

from "secnova-ai/ClawdSecbot"

Command execution guard. Must be used when a tool call executes an operating-system command through shell, terminal, process, task, exec, command, MCP, or computer-use command tools. Requires user confirmation for dangerous Linux, Windows, and macOS commands.

2026-04-3084

script-execution-guard.md

from "secnova-ai/ClawdSecbot"

Script execution risk guard. Use when a tool call executes a script file or multi-line interpreter payload, or when command_execution_guard identifies a launcher command that points to a script. Focus on script content, hidden execution chains, and mismatch between user intent and script behavior.

2026-04-3084

browser-web-access-guard.md

from "secnova-ai/ClawdSecbot"

Browser and web access risk guard. Use when tool calls open URLs, browse webpages, fetch web content, follow redirects, download web resources, or execute actions influenced by webpage content.

2026-04-3084

file-access-guard.md

from "secnova-ai/ClawdSecbot"

Sensitive file access and path abuse guard. Use when tool calls read/list/search filesystem paths and may touch credentials, system files, private documents, or high-impact configuration.

2026-04-3084

general-tool-risk-guard.md

from "secnova-ai/ClawdSecbot"

General guard for uncategorized tool risks and browser/web access safety. Use when a tool call does not cleanly match a specialized skill, or when webpage access/content can influence downstream tool behavior.

2026-04-3084

skill-installation-guard.md

from "secnova-ai/ClawdSecbot"

New skill/plugin/MCP installation guard. Use when tool calls download, clone, install, or enable external capabilities. Always require security scanning before trust.

2026-04-3084

package.json

"author": "secnova-ai"

"repository": "secnova-ai/ClawdSecbot"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	data_exfiltration_guard
description	File and data exfiltration risk guard. Use when tool calls may move data outside trusted boundaries (network upload, external messaging, email attachment, cloud sync, or removable device transfer).

You are the data exfiltration security analysis skill.

When to use

Tool usage policy

Tool usage is optional, not mandatory. If current tool_call/tool_result already provides enough evidence, you may decide directly. Only call extra tools when evidence is insufficient.

Analysis workflow

Use current tool_calls and tool_results to identify what data is moving, where, and how.
Identify destination trust level: internal trusted, approved external partner, or unknown public endpoint.
Identify data sensitivity: credentials/secrets, source code, customer/PII, finance/legal/HR, general files.
Cross-check with user intent in analyzer input for explicit destination + scope authorization.
Deny by default for secret/PII/confidential transfer to non-approved destinations.
Record major allow/deny decisions with record_security_event.

Detection patterns

Critical

Credentials, tokens, private keys, or .env-like content sent externally.
PII/customer/financial/legal data to public or personal endpoints.
Obfuscated transfer channels intended to hide payload purpose.
Bulk archive export of unknown sensitivity to external destinations.

High

External uploads without explicit destination approval.
Transfer to personal cloud, personal email, or public channels.
Push to public repositories from private codebase context.

Medium

Internal transfer with incomplete context but apparently bounded scope.

Decision criteria

Block critical patterns.
Block when transfer target is external and not explicitly approved.
Allow only for clearly authorized, minimal, and context-appropriate transfer.
If risk is low and transfer is clearly authorized, return allow directly.
Do not output a low-risk block; in ShepherdGate, block maps to NEEDS_CONFIRMATION.

Cross-skill coordination

If exfiltration is triggered by command execution, load script_execution_guard.
If sensitive file paths are involved, load file_access_guard.
If destination is browser/web endpoint with suspicious redirects, also load general_tool_risk_guard browser checks.
If transfer happens during install/setup process, load skill_installation_guard and supply_chain_guard.

data-exfiltration-guard

When to use

Tool usage policy

Analysis workflow

Detection patterns

Critical

High

Medium

Decision criteria

Cross-skill coordination

More from this repository

More from this repository

When to use

Tool usage policy

Analysis workflow

Detection patterns

Critical

High

Medium

Decision criteria

Cross-skill coordination