52 lines
2.1 KiB
Markdown
52 lines
2.1 KiB
Markdown
# 🛡️ Security Guardrails & Policy
|
|
|
|
Antigravity Awesome Skills is a powerful toolkit. With great power comes great responsibility. This document defines the **Rules of Engagement** for all security and offensive capabilities in this repository.
|
|
|
|
## 🔴 Offensive Skills Policy (The "Red Line")
|
|
|
|
**What is an Offensive Skill?**
|
|
Any skill designed to penetrate, exploit, disrupt, or simulate attacks against systems.
|
|
_Examples: Pentesting, SQL Injection, Phishing Simulation, Red Teaming._
|
|
|
|
### 1. The "Authorized Use Only" Disclaimer
|
|
|
|
Every offensive skill **MUST** begin with this exact disclaimer in its `SKILL.md`:
|
|
|
|
> **⚠️ AUTHORIZED USE ONLY**
|
|
> This skill is for educational purposes or authorized security assessments only.
|
|
> You must have explicit, written permission from the system owner before using this tool.
|
|
> Misuse of this tool is illegal and strictly prohibited.
|
|
|
|
### 2. Mandatory User Confirmation
|
|
|
|
Offensive skills must **NEVER** run fully autonomously.
|
|
|
|
- **Requirement**: The skill description/instructions must explicitly tell the agent to _ask for user confirmation_ before executing any exploit or attack command.
|
|
- **Agent Instruction**: "Ask the user to verify the target URL/IP before running."
|
|
|
|
### 3. Safe by Design
|
|
|
|
- **No Weaponized Payloads**: Skills should not include active malware, ransomware, or non-educational exploits.
|
|
- **Sandbox Recommended**: Instructions should recommend running in a contained environment (Docker/VM).
|
|
|
|
---
|
|
|
|
## 🔵 Defensive Skills Policy
|
|
|
|
**What is a Defensive Skill?**
|
|
Tools for hardening, auditing, monitoring, or protecting systems.
|
|
_Examples: Linting, Log Analysis, Configuration Auditing._
|
|
|
|
- **Data Privacy**: Defensive skills must not upload data to 3rd party servers without explicit user consent.
|
|
- **Non-Destructive**: Audits should be read-only by default.
|
|
|
|
---
|
|
|
|
## ⚖️ Legal Disclaimer
|
|
|
|
By using this repository, you agree that:
|
|
|
|
1. You are responsible for your own actions.
|
|
2. The authors and contributors are not liable for any damage caused by these tools.
|
|
3. You will comply with all local, state, and federal laws regarding cybersecurity.
|