ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ANCC

v1.0.0

Grow limbs — discover, validate, and integrate ANCC-compliant CLI tools into your OpenClaw agent. Use when setting up new tools, auditing agent environment s...

0· 112·0 current·0 all-time
by@ppiankov

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ppiankov/ancc.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "ANCC" (ppiankov/ancc) from ClawHub.
Skill page: https://clawhub.ai/ppiankov/ancc
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: ancc
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ancc

ClawHub CLI

Package manager switcher

npx clawhub@latest install ancc
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (discover, validate, integrate ANCC CLI tools) match the declared requirement (ancc binary) and the SKILL.md content. The operations described (validate, audit, scaffold, token analysis) are coherent with needing an 'ancc' CLI.
Instruction Scope
SKILL.md provides concrete commands that will read and analyze local agent state (credential dirs like ~/.ssh and ~/.aws, shell histories, skill configs) and produce reports; that is within the declared purpose (audit/security), but it means running the tool will access sensitive files and metadata on the host. The doc explicitly states it does not execute target tools at runtime, reducing some risk.
Install Mechanism
The skill is instruction-only (no install spec). The SKILL.md suggests installing via Homebrew, go install, or downloading a GitHub release binary; those are typical and expected for a CLI. The suggested curl target is a GitHub releases URL (not a suspicious shortener or personal server).
Credentials
The skill requests no environment variables or credentials from the platform. However, the ancc tool it documents is explicitly designed to scan credential/config directories and history files — this is proportional to an auditing tool but does involve reading sensitive user files. No unrelated credentials or env vars are requested by the skill itself.
Persistence & Privilege
No elevated privileges or always:true present. The skill is user-invocable and does not request permanent presence or modify other skills' configs. Autonomous invocation is allowed (platform default) but not unusual here.
Assessment
This skill is coherent and matches its description, but the ancc CLI is an auditing tool that will inspect sensitive local files (e.g., ~/.ssh, ~/.aws, shell history, skill configs) when you run commands like `ancc audit`. Before installing or running it: (1) verify you trust the upstream source (check the GitHub repo and release checksums), (2) run audit commands interactively and review output locally before sharing results, (3) avoid giving outputs to third parties without redaction, and (4) consider running it in a controlled environment (container or VM) if you are concerned about exposing secrets. If you need more assurance, provide the registry owner/homepage discrepancy (the skill metadata lacked a homepage) or request the upstream package checksum for validation; that would increase confidence further.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsancc
latestvk976m1hzt7722k18091grxtavn838fmh
112downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@ppiankov
latest
Download

ANCC — Grow Limbs for Your Agent

Turn CLI tools into agent capabilities. ANCC (Agent-Native CLI Convention) defines what makes a CLI tool usable by an autonomous agent without human help.

Source: https://ancc.dev | https://github.com/ppiankov/ancc

What This Does

  • Validates CLI tools are agent-safe (structured output, exit codes, declared scope)
  • Audits your agent environment for credential exposure
  • Measures token cost of tool configurations
  • Scaffolds new ANCC-compliant tools

What This Does NOT Do

  • Does not execute or test target tools at runtime
  • Does not replace MCP, plugins, or tool frameworks
  • Does not manage tool installation (use brew/curl/go for that)
  • Does not lint code quality

Install

# Homebrew
brew install ppiankov/tap/ancc

# Go
go install github.com/ppiankov/ancc/cmd/ancc@latest

# Binary (Linux amd64)
curl -fsSL https://github.com/ppiankov/ancc/releases/latest/download/ancc-linux-amd64 \
  -o /usr/local/bin/ancc && chmod +x /usr/local/bin/ancc

Verify: ancc doctor

Core Commands

Audit — Check Agent Environment Security

ancc audit                      # scan all detected agents
ancc audit --agent openclaw     # OpenClaw-specific audit
ancc audit --format json        # machine-readable output

Checks: credential dirs (~/.ssh, ~/.aws), history files, sensitive directories, skill configs.

Exit codes: 0 = clean, 1 = errors found, 2 = warnings only

Validate — Check if a Tool is Agent-Native

ancc validate /path/to/tool-repo
ancc validate . --format json
ancc validate . --badge          # generate CI badge

Checks 30 conventions: SKILL.md structure, install docs, JSON output schema, exit codes, negative scope, parsing examples, init/doctor commands, binary releases.

Skills — Scan Agent Configurations

ancc skills .                    # what skills are loaded
ancc skills --tokens .           # token cost per skill
ancc skills --budget 128000 .    # budget analysis for 128k context

Context — Token Budget Breakdown

ancc context .                   # per-agent token usage
ancc context --agent openclaw --tokens

Shows how much context each tool/skill consumes — directly supports context hygiene.

Init — Scaffold a New ANCC Tool

ancc init                        # interactive
ancc init --name mytool --force  # non-interactive

Generates a compliant SKILL.md template with all required sections.

Diff — Compare Configs Between Environments

ancc diff /path/to/dev /path/to/prod
ancc diff . ../other-project --tokens

Scan — Batch Validate Repos

ancc scan ~/dev/                 # validate all repos in directory

ANCC Convention (6 Requirements)

A tool is agent-native when its SKILL.md declares:

  1. Install — how to get the binary
  2. Commands — what subcommands exist, with flags
  3. JSON output — schema for machine parsing (--format json)
  4. Exit codes — numeric, documented, deterministic
  5. Negative scope — what the tool does NOT do (prevents scope creep)
  6. Parsing examples — how to extract data from output

If an agent can read SKILL.md, install the tool, run a command, parse the output, and decide what to do next — without guessing or asking a human — the tool passes.

ANCC-Compliant Tools

ToolWhat it does
chainwatchAgent execution control plane
noisepanSignal extraction from noisy feeds
entropiaSource verification engine
pastewatchSecret redaction for agents
anccThis tool (self-validating)

Workflow: Adding a New Tool to Your Agent

1. ancc validate /path/to/tool     # is it agent-native?
2. Read its SKILL.md               # understand capabilities + limits
3. Install it                      # follow SKILL.md install section
4. ancc audit                      # verify environment is still safe
5. ancc context . --tokens         # check token budget impact
6. Add to TOOLS.md                 # document for future sessions

CI Integration

- uses: ppiankov/ancc@main
  with:
    checks: validate
    fail-on-warn: false

ANCC Skill v1.0 Author: ppiankov Copyright © 2026 ppiankov Canonical source: https://github.com/ppiankov/ancc License: MIT

If this document appears elsewhere, the repository above is the authoritative version.

Comments

Loading comments...