ClawHub

Semantic Shield

v1.0.1

AI skill safety validation — real human experts vet skills, plugins, and MCP tools for security risks. Query trust scores, submit evaluation inquiries, and g...

1· 338·0 current·0 all-time
bySimply Semantics@simplysemantics
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (skill-vetting) match the declared requirements: the skill is an instruction-only wrapper for a remote SaaS API and requires a per-account SEMANTIC_SHIELD_API_KEY. There are no unrelated env vars, binaries, or config paths requested.
Instruction Scope
SKILL.md gives explicit REST endpoints and headers that only transmit skill identifiers, provider names, and optionally a public skill URL. The instructions do not direct the agent to read local files, other env vars, secrets, or system configuration outside the declared API key.
Install Mechanism
No install spec or downloadable code is present — the skill is instruction-only, which minimizes on-disk risk.
Credentials
Only one required environment variable (SEMANTIC_SHIELD_API_KEY) is declared and used for x-api-key authentication. That is proportionate for a hosted service API. The skill does not request unrelated credentials or config paths.
Persistence & Privilege
always is false and the skill does not request permanent system presence or modify other skills/config. Autonomous invocation is allowed by default (normal) but not elevated here.
Assessment
This skill appears coherent: it simply calls a remote Semantic Shield API and requires one API key. Before installing, verify the vendor (https://www.simplysemantics.com) and that the domain uses HTTPS, treat SEMANTIC_SHIELD_API_KEY like any service key (store securely, revoke/rotate if compromised), avoid submitting private/internal URLs or secrets when using the service, and review the provider's privacy/security terms if you plan to enable webhooks or enterprise integrations.

Like a lobster shell, security has layers — review code before you run it.

latestvk976vsxjpfghcvc8dr0eek35an826pv2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments