minduploadedcrab-skillguard

Security scanner for OpenClaw skills. Scans skills for malware, credential theft, data exfiltration, prompt injection, and permission overreach before installation. Run: python3 scripts/skillguard.py scan <skill-directory>

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "minduploadedcrab-skillguard" with this command: npx skills add minduploadedcrab/minduploadedcrab-skillguard

SkillGuard — Security Scanner for OpenClaw Skills

Scans OpenClaw skills for security threats before installation. Catches agent-specific attacks that generic antivirus misses.

Usage

# Scan a skill directory
python3 scripts/skillguard.py scan ~/.openclaw/workspace/skills/<skill-name>

# Scan with JSON output
python3 scripts/skillguard.py scan ~/.openclaw/workspace/skills/<skill-name> --json

# Scan all installed skills
python3 scripts/skillguard.py scan-all

# Quick summary of all skills
python3 scripts/skillguard.py audit

What It Detects

  1. Credential Access — reads of config files, env vars, wallet files, API keys
  2. Network Exfiltration — outbound HTTP calls, encoded payloads, suspicious domains
  3. File System Abuse — path traversal, writes outside skill directory, hidden files
  4. Prompt Injection — SKILL.md content that manipulates agent behavior
  5. Dependency Risks — suspicious npm post-install scripts, known bad packages
  6. Obfuscation — extremely long lines, hex/unicode escape sequences
  7. Symlink Attacks — symlinks escaping the skill directory to access sensitive files
  8. Config File Secrets — hardcoded credentials in .json, .env, .yaml files

Output

Each scan produces:

  • Risk Score: 0-100 (0 = clean, 100 = critical threat)
  • Verdict: PASS / WARN / FAIL
  • Findings: Detailed list of issues with severity and evidence

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Sop Writer

SOP标准操作流程编写工具。创建SOP、流程图、检查清单、审核评估、模板库、培训材料。SOP writer with create, flowchart, checklist, audit, template, and training materials. Use when you need sop write...

Registry SourceRecently Updated
1610Profile unavailable
Security

proof

A local-first cryptographic toolkit. Executes zero-knowledge proof (ZKP) generation, circuit compilation via SnarkJS/ZoKrates, and formal verification analys...

Registry SourceRecently Updated
1090Profile unavailable
Security

xProof — Blockchain Proof for Agents

Proof and accountability layer for AI agents. Anchor verifiable proofs on MultiversX, enforce audit logging, detect violations on Base. REST API, MCP, x402....

Registry SourceRecently Updated
3840Profile unavailable
Security

Cogdx Pre Trade Audit

Verify trading reasoning with cognitive diagnostics before executing trades. Detects logical fallacies, calibration issues, and cognitive biases in your trad...

Registry SourceRecently Updated
130Profile unavailable