skillguard

Security auditing for OpenClaw agent skills. Scans skills for dangerous patterns, vulnerable dependencies, and suspicious behaviors before installation.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "skillguard" with this command: npx skills add jonathanliu811026/skill-guard-security

SkillGuard

Security scanner for OpenClaw agent skills.

What It Does

SkillGuard audits agent skills from ClawHub before you install them, detecting:

  • Dangerous code patterns (command injection, eval usage)
  • File system access risks
  • Network call vulnerabilities
  • Suspicious shell commands
  • Known vulnerable dependencies

Usage

CLI

# Audit by skill name
npx skillguard-audit --name <skill-slug>

# Audit local skill folder
npx skillguard-audit --path ./my-skill

API Server

# Start the API server
npx skillguard-audit serve --port 3402

# Audit via API
curl -X POST http://localhost:3402/api/audit -d '{"name": "some-skill"}'

Verdict

RatingMeaning
🟢 SAFENo significant security issues
🟡 CAUTIONPotential risks, review recommended
🔴 DANGEROUSHigh-risk patterns, do not install

Integration

See CLAWHUB_INTEGRATION.md for ClawHub integration patterns.

Example Output

{
  "skill": "some-skill",
  "verdict": "CAUTION",
  "score": 65,
  "risks": [
    {"type": "shell_command", "severity": "medium", "file": "index.js", "line": 42}
  ]
}

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Component Library Audit

Audit React, Vue, or Svelte component libraries — find unused components, inconsistent props, missing documentation, accessibility issues, missing tests, and...

Registry SourceRecently Updated
120charlie-morrison
Security

Repository Health Score

Score a repository's health across 8 dimensions — code quality, testing, documentation, CI/CD, security, dependencies, community, and maintainability. Produc...

Registry SourceRecently Updated
270Profile unavailable
Security

个人数字安全体检

检查邮箱泄露和密码强度,生成安全评分报告。

Registry SourceRecently Updated
1760Profile unavailable
Security

agent-bom registry

MCP server security registry and trust assessment — look up servers in the 427+ server security metadata registry, run pre-install marketplace checks, batch...

Registry SourceRecently Updated
7180Profile unavailable