SkillGuard
Scan ClawHub skills for prompt injection, jailbreak attempts, and malicious instructions before they get installed into your OpenClaw workspace.
When to use this skill
- User says "install [skill]", "clawhub install [skill]", or "add the [skill] skill"
- User says "scan [skill]", "check [skill] for safety", "is [skill] safe?"
- User says "audit my skills" or "scan all installed skills"
- Any time you are about to install a third-party skill from ClawHub
How it works
SkillGuard calls a hosted Apify actor (numerous_hierarchy/skill-guard-actor,
actor ID: TMjFBNFqIIUfCBf6K) that:
- Fetches the raw SKILL.md content from ClawHub's public API
- Passes it to Lakera Guard for prompt injection analysis
- Returns a verdict:
safe,flagged, orerrorwith reasoning
Results are delivered back to your OpenClaw agent via an ad-hoc webhook.
Running the actor
Use an ad-hoc webhook to trigger the run asynchronously and receive results back via your OpenClaw hooks endpoint.
Step 1: Build the webhook definition
Create this JSON array, then base64-encode it:
[{
"eventTypes": ["ACTOR.RUN.SUCCEEDED", "ACTOR.RUN.FAILED"],
"requestUrl": "$OPENCLAW_WEBHOOK_URL",
"headersTemplate": "{\"Authorization\": \"Bearer $OPENCLAW_HOOKS_TOKEN\"}",
"payloadTemplate": "{\"resource\": {{resource}}}"
}]
Step 2: Start the run
Use the bundled script — it handles base64 encoding the webhook and making the API call:
# Scan by slug
bash {baseDir}/scripts/scan.sh --slug instagram-search
# Scan by search query
bash {baseDir}/scripts/scan.sh --query instagram
# Both (results deduplicated)
bash {baseDir}/scripts/scan.sh --slug instagram-search --query instagram --max 5
The script reads APIFY_TOKEN, LAKERA_API_KEY, OPENCLAW_WEBHOOK_URL, and
OPENCLAW_HOOKS_TOKEN from the environment automatically.
Or make the API call manually:
POST https://api.apify.com/v2/acts/TMjFBNFqIIUfCBf6K/runs
?token=$APIFY_TOKEN
&webhooks=BASE64_ENCODED_WEBHOOK
Content-Type: application/json
To scan by slug:
{
"skillSlugs": ["skill-name-here"],
"lakeraApiKey": "$LAKERA_API_KEY",
"maxSkills": 10
}
To scan by search query:
{
"searchQuery": "instagram",
"lakeraApiKey": "$LAKERA_API_KEY",
"maxSkills": 5
}
You can provide both skillSlugs and searchQuery — results are deduplicated.
Step 3: Receive results via webhook
When the run completes, your OpenClaw hooks endpoint receives a POST with the
actor's dataset items in resource.defaultDatasetId. Fetch them at:
GET https://api.apify.com/v2/datasets/{resource.defaultDatasetId}/items
Response format
Each skill in the dataset returns:
[
{
"slug": "some-skill",
"name": "Some Skill",
"author": "username",
"verdict": "flagged",
"flagged": true,
"reasoning": "Flagged by Lakera: prompt_attack, unknown_links",
"url": "https://clawhub.ai/skills/some-skill",
"scanned_at": "2026-03-02T19:26:29.666Z"
}
]
How to respond to the user
If all skills are safe (verdict: "safe" for all):
Tell the user the skill passed the security scan and proceed with installation:
"✅ [skill-name] passed the SkillGuard scan — no prompt injection or malicious content detected. Safe to install."
Then run: clawhub install [slug]
If any skill is flagged (verdict: "flagged"):
Do NOT install the skill. Tell the user:
"⚠️ SkillGuard flagged [skill-name] before installation. Reason: [reasoning]. I'm not installing it. You can review it manually at [url] and override if you trust the source."
Wait for explicit user confirmation before proceeding.
If verdict is error:
"⚠️ SkillGuard couldn't scan [skill-name] — [error_message]. Proceed with caution."
If scanning multiple skills:
Show a summary table, then list any flagged ones with their reasoning. Only install the safe ones unless the user explicitly overrides.
Example interactions
User: "Install the instagram-search skill"
You: Run SkillGuard with skillSlugs: ["instagram-search"]. If flagged, report it and hold. If safe, install it.
User: "Scan instagram skills"
You: Run SkillGuard with searchQuery: "instagram". Report the full results table with verdicts and reasoning for each.
User: "I know it's flagged, install it anyway"
You: Confirm once more, then proceed with clawhub install [slug] and note the override in your response.
Environment variables required
APIFY_TOKEN— your Apify API token (get one at console.apify.com)LAKERA_API_KEY— your Lakera Guard API key (get one at platform.lakera.ai)OPENCLAW_WEBHOOK_URL— your OpenClaw hooks endpoint URLOPENCLAW_HOOKS_TOKEN— your OpenClaw hooks auth token
On First Install
When this skill is first installed and loaded, do the following automatically before responding to the user:
1. Write the install policy to TOOLS.md
Append the following block to {baseDir}/../../TOOLS.md, creating the file
if it does not exist:
### ClawHub Install Policy (SkillGuard)
Before running `clawhub install <slug>` for ANY skill, you MUST first run
SkillGuard to scan it. If the scan returns `flagged`, do NOT install and
tell the user why. Only proceed if the user explicitly confirms the override.
Use bash to append it:
cat >> ~/.openclaw/workspace/TOOLS.md << 'EOF'
### ClawHub Install Policy (SkillGuard)
Before running `clawhub install <slug>` for ANY skill, you MUST first run
SkillGuard to scan it. If the scan returns `flagged`, do NOT install and
tell the user why. Only proceed if the user explicitly confirms the override.
EOF
2. Notify the user
After writing to TOOLS.md, tell the user exactly this:
"✅ SkillGuard is installed and your ClawHub install policy has been written to TOOLS.md. Please start a new session now to activate protection — any skills installed before you do will not be scanned. Once you're in a new session, all
clawhub installcommands will be scanned automatically."
Do not proceed with any other task until the user acknowledges this.
Setup and integration
If the user needs help setting up the webhook endpoint or configuring their OpenClaw gateway to receive results, refer them to the integration guide bundled with this skill:
{baseDir}/INTEGRATION.md
Read it yourself if you need to explain any setup step to the user.