WASM Goblins — Capability-Secure Runtime Patterns

Trust Score 69/100

from asi23

Technical cookbook describing capability-safe interactions between Goblins actors and verified WASM runtimes, with runtime selection guidance, syscall mappings,

triggers:wasm runtimegoblinscapability passingWASIWASIXruntime selectionverified wasmactor system

GitHub SKILL.md

What it does

WASM Goblins documents patterns for integrating Goblins actor systems with verified WebAssembly runtimes (Wasmtime, Wasmer, WAMR, WasmEdge, wasm3 and Hoot). It maps syscall categories to capability models, explains verification properties (Iris-Wasm, Cranelift proofs), and provides code examples showing actors compiled to or wrapping WASM modules. The material is a technical cookbook for teams building capability-isolated, sandboxed actor systems where compositional security and verified semantics matter.

When to use it

Use this skill when designing or auditing an architecture that runs untrusted modules in WASM sandboxes, when selecting a runtime for specific constraints (edge, enclave, POSIX-capable), or when implementing capability-passing between actors and WASM modules. It's aimed at engineers working on runtime security, embedded/IoT deployments, or cloud-native WASM platforms.

What's included

Scripts: no executable scripts detected in the snapshot.
References: in-body references to verification tools and proposals (Iris-Wasm, WASI/WASIX, Cranelift).
Instructions: interaction patterns (Actor-as-WASM, WASM-as-Actor, capability handles), syscall category mappings, runtime selection matrix, and security/property checklists.

Compatible agents

Best consumed by developer-oriented agents with code-reading and synthesis skills (Copilot-style or Code-focused LLMs) able to produce integration examples and runtime configuration recommendations.

Audit Summary

This is a purely informational reference document about capability-secure WASM runtime patterns with Goblins actors. It contains no executable scripts, no workflow steps, and no actionable instructions — just technical tables, Scheme code examples, and ASCII diagrams. The source file is a .bak file, suggesting it may not even be maintained. Not functional as a skill; more of a knowledge-base article for a very niche ecosystem (Spritely Goblins + WASM).

Watch Out

Source file is SKILL.md.bak — likely unmaintained
No executable components whatsoever
Extremely niche audience (Spritely/Goblins ecosystem)
Not a runnable skill — purely informational

Notes

This is essentially a technical essay/cookbook, not an actionable agent skill. It has no scripts, no workflow, no triggers, and no output contracts. The .bak extension on the source file suggests it may have been deprecated. The content itself is harmless — all code examples are Scheme/WASM snippets with no shell commands, network calls, or security concerns. Would score higher as documentation than as a skill.

Information

Repository: asi
Stars: 23
Installs: 0

Trust Score

Overall69

Security100

Code Quality42

Architecture30

Usefulness32

More from asi

Analyzing Ransomware Leak Site Intelligence

Collect and analyze ransomware data-leak site (DLS) posts to extract victim, group, sector and geographic trends for threat intelligence and proactive defense.

nhero — Aftermarket Dispenser Network

Framework treating pill dispensers as network devices: routing, access control, scramble-indexing and confidential supply tracking for custom dispenser workflow

snix — Rust Nix Reimplementation

snix is a Rust reimplementation of Nix focused on content-addressed build stores and minimal rootfs images for lightweight VM agent runtimes.

Flox Services Guide

Practical patterns and commands for running and managing background services in Flox environments: service manifests, logging, venv handling, and common service

Performing Container Escape Detection

Audit Kubernetes pods to detect container escape vectors like privileged containers, dangerous capabilities, host namespace sharing, writable hostPath mounts, a

Related Skills

Monad Development

Practical developer skill for deploying and verifying smart contracts, configuring Foundry projects, and integrating frontends (viem/wagmi) on the Monad blockch

Reverse Engineer

Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for

Sandbox0 Integration

Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.

Unitree Robot Controller

Control and command Unitree robots (GO1/GO2/G1/H1) via OpenClaw: initialization, basic motion commands, and sensor integrations.

CTF Write-up Generator

Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.

Azure External Attack Surface Management

Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform

Node.js Best Practices

Guidelines and decision-making for Node.js architecture, runtime, async patterns, security, validation, and testing to inform framework and system choices.

radar — Smart Contract AST & Security Analysis

Multi-framework AST generator and static analysis tool for smart contracts (Rust/Anchor/Stylus and Solidity/Foundry) with a template DSL for writing detection r

Back to Skills