Agents
v1.0.0
Design, build, and deploy AI agents with architecture patterns, framework selection, memory systems, and production safety.
by Iván (@ivangdavila)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the contents: the package is documentation and checklists for designing, implementing, evaluating, and securing agents. It requests no binaries, env vars, or installs—appropriate for an instructional skill. Note: the skill metadata has no homepage and owner is an opaque ID; that reduces provenance but does not create an internal inconsistency.
Instruction Scope
SKILL.md and the included markdown files are guidance only and do not instruct the agent to read arbitrary system files, exfiltrate data, or call external endpoints. The instructions focus on architecture, testing, and security practices (including avoiding prompt injection). There is no vague open-ended instruction that would grant broad discretionary access.
Install Mechanism
No install spec and no code files — lowest-risk model. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The guidance even warns against putting secrets in prompts and advises retrieving secrets from environment variables without exposing them. No disproportionate credential requests are present.
Persistence & Privilege
Defaults for invocation/persistence are normal (always:false, agent can invoke autonomously). The skill does not request persistent system presence or modification of other skills or global agent config. Nothing indicates privilege escalation.
Scan Findings in Context
[ignore-previous-instructions] expected: The phrase/pattern was detected in the content but appears in the security guidance (discussing persona hijacking and prompt injection). Presence is expected and used as an example of what to detect/defend against, not as an instruction to ignore prior constraints.
Assessment
This skill is documentation-only and internally coherent with its aim to teach how to design, implement, and secure agents. Before installing or relying on it: (1) note the publisher has no public homepage—if provenance matters, prefer skills with identifiable authors or an organization; (2) the skill contains code snippets and operational advice but will not run code or access secrets by itself—if you implement the patterns, follow the security.md checklist (sandbox tools, avoid putting secrets in prompts, require approvals for destructive actions); (3) the prompt-injection pattern found is part of the security discussion and not an active exploit, but remain cautious: never paste sensitive keys into any prompt or untrusted context and sandbox any code you copy from the implementation examples.
Like a lobster shell, security has layers — review code before you run it.
