Protect Your AI Agent Environment

Deploying third-party skills and toolsets into your agent's runtime shouldn't be a leap of faith. The Skill Install Safety Gate provides a rigorous, automated inspection layer designed specifically for Codex and OpenClaw-style skill architectures. It acts as a static analysis firewall, ensuring that new capabilities meet your security and compatibility standards before they ever touch your file system.

What it does

• Structural Validation: Verifies package shape, ZIP integrity, and mandatory SKILL.md metadata.
• Compatibility Mapping: Automatically checks for required binaries (anyBins), environment variables, and config dependencies against your local host.
• Heuristic Security Scanning: Detects suspicious patterns such as ZIP path traversals, obfuscated payloads, prompt-injection risk, and dangerous dynamic code execution patterns.
• Conflict Prevention: Prevents accidental overwrites by checking for existing skill slugs in the target directory.

Why developer-agents need this

Unlike simple prompting, this skill provides a programmatic "Pass/Fail" mechanism. It generates structured JSON and CSV reports, allowing your agent or CI/CD pipeline to make informed, data-driven decisions about software installation. It never executes untrusted code, ensuring the audit process itself is perfectly safe.

Output & Integration

The skill produces a detailed install-safety-report.md for human review and a machine-readable output.json. If the --install-on-pass flag is used, it will only commit the files to your target directory if the gate decision is a clean "allow" with zero blockers or review items.