Skill Intake Sandbox Gate
Use this workflow to safely intake any third-party skill/tool package before it touches production automation.
Workflow (default)
0) Collect source
- Prefer source tree (git repo / skill folder) over “install and run”.
- Put the candidate under a temp path (do not run it yet).
1) Run the gate (static scan)
From the skill folder:
python3 scripts/gate.py --path <skill-folder> --out /tmp/skill-gate-report.json --md /tmp/skill-gate-report.md
Interpretation:
risk_level=low: likely safe to rewrite/importrisk_level=medium: quarantine + manual audit + limited-scope rewriterisk_level=high/critical: reject or rewrite from scratch (no execution)
2) Decide
Use the report to choose one:
- ACCEPT: Only if low risk + clear value + minimal capabilities.
- QUARANTINE: Keep for reference, do not execute in automation.
- REWRITE (preferred): Rebuild the skill internally with minimal permissions and deterministic scripts.
3) Rewrite pattern (recommended)
- Create a new internal skill folder under
misskim-skills/skills/<name>/. - Copy only:
- essential procedural instructions
- deterministic scripts (no hidden downloads)
- explicit allowlisted network endpoints (if any)
- Remove:
- auto-updaters, telemetry, “curl | bash”, arbitrary shell execution
- credential handling or implicit secret reads
4) Log the intake
Append the decision + rationale to the intake log files:
misskim-skills/INTAKE_LOG.mdmisskim-skills/intake-log.mdmisskim-skills/intake-log/<date>-*-trend-raw.json(if applicable)
What the gate checks (summary)
- Process execution:
subprocess/child_process/os.system/exec/spawn, shell pipelines - Network:
requests/httpx/aiohttp/fetch/axios/socket, hardcoded domains - File write/destructive ops:
rm -rf, recursive deletes, chmod/chown, persistence - Privilege:
sudo, system service edits, launchd/systemd, firewall rules - Secrets indicators: env/key file reads, token patterns,
.npmrc,.env
Resources
scripts/gate.py: static scanner + JSON/MD report generatorreferences/policy.md: allow/deny rules + decision rubricreferences/threat-model.md: threat model for skill intake
微信扫一扫