Can I customize the security rules?

Yes, the skill supports dynamic rules stored in the .evolving-rules/security/active/ directory, allowing for project-specific security hardening and policy enforcement.

Does it protect against prompt injection?

Yes, the scan-skill action specifically includes static analysis rules (CORE-005) designed to detect prompt injection and MCP configuration abuse within skill files.

How does the security skill protect my system?

It acts as a mandatory pre-hook for execution commands, scanning for 13 core types of malicious patterns including destructive operations, obfuscated payloads, and unauthorized network access.

Is this skill triggered manually or automatically?

While it can be called manually, it is designed to trigger automatically during the 'exec' and 'check' phases of the task-ai lifecycle to ensure no command is run without a safety check.

What happens if a high-risk command is detected?

The execution is immediately aborted, the state is set to NEEDS_FIX, and the source file responsible for the command is quarantined and marked with a high injection risk.

Runtime Security Guardian

Name: Runtime Security Guardian
Author: huacheng

byhuacheng

•

安全与测试

Protects system integrity by auditing execution plans and intercepting high-risk shell commands before they run.

The Runtime Security Guardian is a specialized safety layer for AI-driven development that automatically inspects shell commands and project plans to prevent malicious or accidental system damage. Operating as a mandatory pre-hook for execution tasks, it employs a two-tier verification system—combining evolving dynamic rules with core pattern matching—to block destructive operations, injection attacks, and unauthorized data exfiltration. Whether you are running autonomous agents or reviewing complex implementation plans, this skill ensures all AI-generated actions remain within safe, predefined boundaries.

主要功能

011 GitHub stars

02Real-time blocking of destructive operations, path traversal, and obfuscated payloads

03Static analysis for skill files to identify latent injection risks

04Multi-tier audit system for project plans and implementation strategies

05Integrated incident response with lineage tracing and automatic file quarantine

06Automated command interception and safety verification for shell execution

使用场景

01Auditing complex multi-step implementation plans for hidden security vulnerabilities

02Scanning and validating third-party Claude skills for malicious patterns before deployment

03Preventing accidental system damage or data loss during autonomous AI agent execution

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add huacheng/moonview security

For use in Claude.ai and ChatGPT

Download Skill