返回 Skill 列表
extension
分类: 开发与工程无需 API Key

skill-intake-sandbox-gate

用于外部AgentSkills/MCP工具的接入网关。在审查、导入或重写第三方技能(ClawHub/MCP Market/GitHub)到misskim-skills时使用。生成风险报告(执行/网络/fs/密钥/持久性),建议接受/隔离/重写,并将日志标准化到INTAKE_LOG中。

person作者: jakexiaohubgithub

Skill Intake Sandbox Gate

Use this workflow to safely intake any third-party skill/tool package before it touches production automation.

Workflow (default)

0) Collect source

  • Prefer source tree (git repo / skill folder) over “install and run”.
  • Put the candidate under a temp path (do not run it yet).

1) Run the gate (static scan)

From the skill folder:

python3 scripts/gate.py --path <skill-folder> --out /tmp/skill-gate-report.json --md /tmp/skill-gate-report.md

Interpretation:

  • risk_level=low: likely safe to rewrite/import
  • risk_level=medium: quarantine + manual audit + limited-scope rewrite
  • risk_level=high/critical: reject or rewrite from scratch (no execution)

2) Decide

Use the report to choose one:

  • ACCEPT: Only if low risk + clear value + minimal capabilities.
  • QUARANTINE: Keep for reference, do not execute in automation.
  • REWRITE (preferred): Rebuild the skill internally with minimal permissions and deterministic scripts.

3) Rewrite pattern (recommended)

  • Create a new internal skill folder under misskim-skills/skills/<name>/.
  • Copy only:
    • essential procedural instructions
    • deterministic scripts (no hidden downloads)
    • explicit allowlisted network endpoints (if any)
  • Remove:
    • auto-updaters, telemetry, “curl | bash”, arbitrary shell execution
    • credential handling or implicit secret reads

4) Log the intake

Append the decision + rationale to the intake log files:

  • misskim-skills/INTAKE_LOG.md
  • misskim-skills/intake-log.md
  • misskim-skills/intake-log/<date>-*-trend-raw.json (if applicable)

What the gate checks (summary)

  • Process execution: subprocess/child_process/os.system/exec/spawn, shell pipelines
  • Network: requests/httpx/aiohttp/fetch/axios/socket, hardcoded domains
  • File write/destructive ops: rm -rf, recursive deletes, chmod/chown, persistence
  • Privilege: sudo, system service edits, launchd/systemd, firewall rules
  • Secrets indicators: env/key file reads, token patterns, .npmrc, .env

Resources

  • scripts/gate.py: static scanner + JSON/MD report generator
  • references/policy.md: allow/deny rules + decision rubric
  • references/threat-model.md: threat model for skill intake