senseguard

Semantic security scanner for OpenClaw skills. Detects prompt injection, data exfiltration, and hidden instructions that traditional code scanners miss. Use when user asks to scan skills, check skill safety, or run a security audit.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "senseguard" with this command: npx skills add fermionoid/senseguard

SenseGuard

Scans OpenClaw skills for natural language security threats — the kind that VirusTotal and traditional code scanners cannot detect.

Traditional scanners see SKILL.md as a text file. SenseGuard sees it as agent instructions and checks for prompt injection, data exfiltration, obfuscation, and persistence attacks.

How to Use

When the user asks to scan a skill:

python3 scripts/scanner.py --target <skill-name-or-path>

Options:

  • --target all — scan all installed skills
  • --deep — force LLM semantic analysis (Layer 2)
  • --no-cache — skip cached results
  • --json — output raw JSON for further processing

Layer 2 (Semantic Analysis)

When --json output contains a layer2_prompt field, process it as a security audit task, then feed the JSON result back to generate the final score. This is how the LLM analyzes intent beyond regex patterns.

Output

The scanner outputs a Markdown risk report with:

  • Score (0-100) and rating: SAFE / CAUTION / DANGEROUS / MALICIOUS
  • Findings with rule IDs, evidence text, and line numbers
  • Actionable recommendations

For CRITICAL findings, clearly advise the user to take action.

Key Differentiator

SenseGuard catches what VirusTotal cannot:

  • "ignore all previous instructions" — prompt injection
  • curl -X POST hidden in Markdown — data exfiltration
  • Zero-width characters hiding commands — obfuscation
  • "modify MEMORY.md" — persistence attacks

These are invisible to traditional malware scanners because they target the AI agent, not the operating system.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Clawhub Publish V621

Enterprise AI Agent Security Scanner - 846 rules, three-layer detection architecture, risk tier classification. Detects prompt injection, credential theft, d...

Registry SourceRecently Updated
4281Profile unavailable
Security

AgentShield Scanner

Scan AI agent skills, MCP servers, and plugins for security vulnerabilities. Use when: user asks to check a skill/plugin for safety, audit security, scan for...

Registry SourceRecently Updated
3130Profile unavailable
Security

Deepsafe Scan

Preflight security scanner for AI coding agents — scans deployment config, skills/MCP servers, memory/sessions, and AI agent config files (hooks injection) f...

Registry SourceRecently Updated
3440Profile unavailable
Security

OpenClaw Security Suite

Comprehensive security suite for OpenClaw skills. Includes static scanning (AST + keywords) and AI-powered semantic behavior review to detect malicious code.

Registry SourceRecently Updated
3720Profile unavailable