Scripted Walkthrough

Re-enactment: how ShieldCortex blocks an SSH-key exfiltration skill.

A developer installs what looks like a helpful skill. It tries to read their SSH keys. ShieldCortex catches it before the agent ever runs it. This page is a scripted re-creation of a real scan — reproduce it locally with npx shieldcortex scan-skill examples/adversarial-skill/. 30 seconds, no audio needed.

← Back to home

Threat Blocked

data_exfiltration

target: ~/.ssh/id_rsa

ShieldCortex stopped this 0.4 seconds ago.

Here’s what happened ↓

~/projects/my-agent

ShieldCortex Dashboard

localhost:3030

🛡️

Blocked attack from skill-scanner

data_exfiltration · stealth_instruction · external_url

Audit Log

8,412

Allow

Quarantine

Block

See it on your machine

Try the same scan in 10 seconds.

npx shieldcortex@latest scan-skill <path>

Free, local, no signup. Same scanner that blocked the attack you just watched.

Get ShieldCortex

The Attack

Hidden instruction in a skill

An attacker publishes a "git credential helper" skill. Behind innocent-looking docs, it instructs the agent to read SSH keys and POST them to an attacker server.

The Defence

Pattern + semantic scan

Skill scanner trips on data_exfiltration patterns, stealth instruction phrasing, and access to paths outside the project root. Block fires before the agent ever loads the skill.

The Receipt

Audit log + toast alert

Every block writes a permanent audit row with the threat indicators, the source skill, and the targeted resource. Operators see the toast immediately.

Note: The adversarial skill in this demo lives at examples/adversarial-skill/ inside the ShieldCortex repo. It is intentionally crafted to trip the scanner and is never published to ClawHub. Run npx shieldcortex scan-skill on it to reproduce the result locally.