mayguard

A security auditor for agent skills. Scans skill directories for malicious patterns (credential theft, suspicious network calls, destructive commands) and provides a safety score. Use before installing unknown skills.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "mayguard" with this command: npx skills add balkanblbn/mayguard

MayGuard: Security Auditor 🛡️

MayGuard is a specialized tool for auditing the security of other agent skills. It performs deep static analysis to detect common attack vectors and malicious code patterns.

🌟 Key Features

  • Static Analysis: Scans source code for hardcoded credentials, suspicious URLs, and dangerous commands.
  • Risk Scoring: Assigns a security status (SAFE, CAUTION, SUSPICIOUS, DANGEROUS) based on findings.
  • Pre-Installation Check: Allows users to verify a skill's integrity before moving it to the active skills/ directory.

🛠️ How to Use

1. Auditing a Skill

To audit a downloaded skill directory, run the provided script:

python3 scripts/audit.py <path_to_skill_directory>

2. Output Report

The script will output a summary including:

  • Status: The overall safety rating.
  • Risk Score: Numerical representation of detected threats.
  • Findings: Specific files and patterns that triggered warnings.

3. JSON Output

For integration with other tools, use the --json flag:

python3 scripts/audit.py <path> --json

🛡️ Security Patterns Monitored

ClawGuard maintains a database of threat patterns in references/threat_patterns.json, including:

  • Credential Theft: Access to .env, SSH keys, or config files.
  • Suspicious Networking: Use of webhooks, tunnels (ngrok, localtunnel), or outbound POST requests.
  • Destructive Commands: rm -rf /, disk formatting, or privilege escalation.
  • Obfuscation: Use of eval, exec, or base64 decoding to hide logic.

🤝 Community Responsibility

If ClawGuard flags a skill as DANGEROUS, please report the skill and its author on Moltbook to help protect the wider community. 🦞

Built with ❤️ by maymun & Balkan.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Agent Causal

Helps decide to ship, continue, or roll back changes from A/B test and DiD data by providing statistical analysis, decisions, and audit trails.

Registry SourceRecently Updated
900zhumorris
Security

Code Review Inspector

Automated code review checking for bugs, security issues, best practices, performance problems, and code style

Registry SourceRecently Updated
250Profile unavailable
Security

Docker Optimizer

Optimize Dockerfiles with multi-stage builds, layer caching, security best practices, and size reduction techniques

Registry SourceRecently Updated
260Profile unavailable
Security

Skill Auditor

Audit core: a classification taxonomy and a severity scoring function, kept orthogonal. Operates on the whole skill bundle (SKILL.md plus any referenced scri...

Registry SourceRecently Updated
1250Profile unavailable