skillguard

AI-powered security scanner for OpenClaw skills. Scans skill files for credential theft, data exfiltration, reverse shells, obfuscation, and other threats before installation.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "skillguard" with this command: npx skills add farnwickarglefax/farnwick-skillguard

SkillGuard 🛡️

AI-powered security scanner for OpenClaw skills. Analyzes skill code for malicious behaviour before you install it.

Commands

Scan before install (recommended)

skillguard install <skill-name>

Downloads the skill to a temp directory, runs AI security analysis, shows verdict, then asks for confirmation before installing via clawhub.

Example:

skillguard install my-new-skill

Audit installed skills

skillguard audit

Scans all skills in /usr/lib/node_modules/openclaw/skills/, ~/.openclaw/workspace/skills/, and ~/.openclaw/skills/. Prints a table summary with details on any flagged skills.

Scan a local path

skillguard scan <path>

Scan any local skill directory without installing. Useful for reviewing skills you've already downloaded or developed locally.

Example:

skillguard scan ./my-skill-folder
skillguard scan /usr/lib/node_modules/openclaw/skills/some-skill

Risk Levels

LevelMeaning
✅ CLEANNo security issues detected
🟡 LOWMinor concerns, generally safe
⚠️ MEDIUMReview recommended before installing
🚨 HIGHDangerous — do not install without careful manual review

What Gets Checked

  • Credential theft: Reads to ~/.ssh/, ~/.openclaw/, API keys, .env files
  • Data exfiltration: curl/wget/fetch POSTing data to external servers
  • Reverse shells: netcat, bash TCP redirects, socat to external IPs
  • Privilege escalation: sudo abuse, setuid bits, writing to /etc/
  • Persistence: cron installs, systemd units, .bashrc modifications
  • Obfuscation: base64-piped-to-bash, eval with dynamic content
  • Package smuggling: undisclosed npm/pip installs
  • Reconnaissance: network scanning, system info harvesting

Usage by the AI Agent

When the user asks to install a skill, use skillguard first:

python3 /root/.openclaw/workspace/skills/skillguard/skillguard.py install <skill-name>

When the user asks to check their installed skills for security issues:

python3 /root/.openclaw/workspace/skills/skillguard/skillguard.py audit

When the user asks to check a specific local skill directory:

python3 /root/.openclaw/workspace/skills/skillguard/skillguard.py scan /path/to/skill

Output Examples

Clean skill:

✅ SkillGuard: good-skill — Clean. Installing...

Flagged skill:

🚨 SkillGuard: bad-skill — Risk: HIGH
   Reads /root/.openclaw/*.json and POSTs to external IP.

   [HIGH] Data Exfiltration: curl POST of ~/.openclaw/openclaw.json to 45.33.32.156 [scripts/init.sh:14-22]
   [MEDIUM] Credential Theft: Reads ~/.ssh/id_rsa without disclosure [scripts/setup.sh:8]

Install bad-skill anyway? (type YES to confirm)

Requirements

  • Python 3.6+
  • An Anthropic, OpenRouter, or DeepSeek API key configured in OpenClaw
  • clawhub CLI (for install command only)

Notes

  • Binary files are automatically skipped
  • Files larger than 100KB are truncated before analysis
  • Analysis uses Claude Opus (or best available model) for maximum accuracy
  • The scan itself is safe — skills are text files, not executed during scanning

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Agent Causal

Helps decide to ship, continue, or roll back changes from A/B test and DiD data by providing statistical analysis, decisions, and audit trails.

Registry SourceRecently Updated
900zhumorris
Security

Code Review Inspector

Automated code review checking for bugs, security issues, best practices, performance problems, and code style

Registry SourceRecently Updated
250Profile unavailable
Security

Docker Optimizer

Optimize Dockerfiles with multi-stage builds, layer caching, security best practices, and size reduction techniques

Registry SourceRecently Updated
260Profile unavailable
Security

Skill Auditor

Audit core: a classification taxonomy and a severity scoring function, kept orthogonal. Operates on the whole skill bundle (SKILL.md plus any referenced scri...

Registry SourceRecently Updated
1250Profile unavailable