一键导入
security-scan
Run SkillGuard before installing third-party Agent Skills, with optional semantic review only when the user explicitly allows network/model use.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Run SkillGuard before installing third-party Agent Skills, with optional semantic review only when the user explicitly allows network/model use.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | security-scan |
| description | Run SkillGuard before installing third-party Agent Skills, with optional semantic review only when the user explicitly allows network/model use. |
Use this skill before installing or enabling a third-party Agent Skill.
Run a deterministic local scan first:
skillguard scan <skill-path> --preset strict --policy strict
Do not install the skill if the scan fails unless the user explicitly accepts the risk after reviewing the findings.
Run semantic review only when the user explicitly approves sending the candidate skill content to a model provider:
skillguard scan <skill-path> \
--preset paranoid \
--policy strict \
--allow-network \
--semantic \
--semantic-provider openai
Semantic review requires provider credentials, normally OPENAI_API_KEY. For
OpenAI-compatible local endpoints, use:
skillguard scan <skill-path> \
--preset paranoid \
--policy strict \
--allow-network \
--semantic \
--semantic-provider openai-compatible \
--semantic-base-url http://localhost:11434/v1
Never include unrelated user documents, chat history, workspace secrets, or credentials in the scan target.