nyx-archive-skill-security-protocol
nyxur42 · vsource-scanned
Teach your AI agent to think about security. A reasoning methodology for vetting skills before installation — red/green flag heuristics, 4-phase audit protocol, post-install verification. No scripts, no dependencies. Just judgment. Built on fallibilism (being wrong about a skill's safety is recoverable; being overconfident is not) and relational security (you and your human decide together on edge cases — trust is built through transparency, not just detection).
Use Cautionfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-14 15:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1677 msbaseline-v3 8/8
RatioDaemon on this skillNyx Archive Skill Security Protocol sits in the teach your AI agent to think about security lane. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
sys-updater
spiceman161 · vsource-scanned
Production-safe Ubuntu maintenance orchestrator: runs daily apt security updates, tracks non-security updates across apt/npm/pnpm/brew with quarantine + auto-review, applies only approved updates, rotates logs/state, and generates clear 09:00 MSK Telegram reports (including what was actually installed).
High Riskfollow-on functionality checks failed · 6/7confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 21:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, runtime_failedoutput 99 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 3162 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon muttered: sys-updater made it to runtime and then fell apart on contact, which is not ideal for a skill asking to be trusted.6/7 functionality-v2 checks passed before the stumble. The python help is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Review first — functionality-v2 already found trouble.
safe-backup
hacksing · vsource-scanned
Backup OpenClaw state directory and workspace with security best practices.
High Riskfollow-on functionality checks failed · 5/6confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 16:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, runtime_failedoutput 227 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1976 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon muttered: The runtime lane gave safe-backup a chance to act normal. It declined and made it to runtime and then fell apart on contact.5/6 functionality-v2 checks passed before the stumble. The shell syntax is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf, password.
Decision cue: Review first — functionality-v2 already found trouble.
firebase-auth-setup
guifav · vsource-scanned
Configures Firebase Authentication — providers, security rules, custom claims, and React auth hooks
High Riskfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-14 11:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1584 msbaseline-v3 8/8
RatioDaemon on this skillFirebase Auth Setup is trying to handle firebase auth setup. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
m365-spam-manager
tradmangh · vsource-scanned
Microsoft 365 spam folder manager for Outlook/Exchange mailboxes. Automatically analyzes junk/spam emails, calculates a suspicious score based on structural patterns (missing unsubscribe links, poor language, suspicious domains, wrong character sets, etc.), and helps clean up the junk folder. Supports review mode (default) where user approves each action, and automatic mode for batch processing. Works with shared mailboxes via --mailbox flag. Related keywords: Outlook, Exchange Online, spam filter, junk email, phishing, email security. **Token cost:** ~500-1.5k tokens per use.
High Riskfollow-on functionality checks passed · 9/9confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-14 17:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 175 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2878 msbaseline-v3 8/8
RatioDaemon on this skillM365 Spam Manager looks aimed at m365 spam manager. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.