skill_guard

Skill Security Scanner - Scan for risks before download/use. Use when: installing unknown skills, evaluating third-party code, or security auditing.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.


Install skill "skill_guard" with this command: npx skills add WaaiOn/skill-guard-waai

🛡️ Skill Guard / Security Check

Security scanner for AI Skills. Check code safety before install or use.

When to Use

  • Installing unknown skills
  • Evaluating third-party code
  • Security auditing
  • Before running untrusted code

Risk Categories

| Category | Severity |
|---|---|
| Code Execution | 🔴 Critical |
| File Deletion | 🔴 Critical |
| Command Injection | 🔴 Critical |
| Credential Leak | 🟠 High |
| Network Request | 🟠 High |
| Data Theft | 🔴 Critical |
| Induce Transfer | 🔴 Critical |
| Virus/Backdoor | 🔴 Critical |

Usage

# Scan local skill
python3 -c "from skill_guard import scan; print(scan('/path/to/skill'))"

# Inspect remote
python3 -c "from skill_guard import inspect_remote; print(inspect_remote('skill-name'))"

Risk Patterns

RISK_PATTERNS = {
    'code_execution': ['exec(', 'eval(', 'compile(', '__import__'],
    'file_deletion': ['rm -rf', 'shutil.rmtree', 'os.remove'],
    'command_injection': ['subprocess', 'os.system', 'shell=True'],
    'credential_leak': ['password', 'api_key', 'token', 'secret'],
    'data_theft': ['/etc/passwd', '~/.ssh', 'clipboard'],
    'induce_transfer': ['alipay', 'bank_card', 'payment'],
    'virus_backdoor': ['ransomware', 'miner', 'backdoor'],
}
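
How a pattern table like this turns into findings, as an added example that is not skill_guard's own code. It assumes the patterns are applied as case-sensitive substrings per line; `scan_text`, `worst_severity` and `SAMPLE` are hypothetical names and the sample input is constructed.

```python
# Added example: plain substring matching is assumed here; not skill_guard's own code.
RISK_PATTERNS = {
    'code_execution': ['exec(', 'eval(', 'compile(', '__import__'],
    'file_deletion': ['rm -rf', 'shutil.rmtree', 'os.remove'],
    'command_injection': ['subprocess', 'os.system', 'shell=True'],
    'credential_leak': ['password', 'api_key', 'token', 'secret'],
    'data_theft': ['/etc/passwd', '~/.ssh', 'clipboard'],
    'induce_transfer': ['alipay', 'bank_card', 'payment'],
    'virus_backdoor': ['ransomware', 'miner', 'backdoor'],
}
# Severities from the Risk Categories table: every category with patterns is
# Critical except credential_leak (High). "Network Request" is listed in that
# table but has no patterns on the page, so it cannot be matched here.
SEVERITY = {cat: 'Critical' for cat in RISK_PATTERNS}
SEVERITY['credential_leak'] = 'High'

def scan_text(text):
    """Return (line_no, category, severity, pattern) for each substring hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for category, patterns in RISK_PATTERNS.items():
            for pattern in patterns:
                if pattern in line:
                    findings.append((line_no, category, SEVERITY[category], pattern))
    return findings

def worst_severity(findings):
    """Collapse findings into one verdict: Critical > High > None."""
    levels = {sev for _, _, sev, _ in findings}
    return 'Critical' if 'Critical' in levels else 'High' if 'High' in levels else None

# Constructed sample input (not taken from any real skill).
SAMPLE = '''import subprocess
max_tokens = 512  # model output budget, not a credential
def run(cmd):
    return subprocess.run(cmd, shell=True)
'''

if __name__ == '__main__':
    for finding in scan_text(SAMPLE):
        print(finding)
    print('verdict:', worst_severity(scan_text(SAMPLE)))
```

Line 2 of the sample is reported as a High credential leak only because `max_tokens` contains `token`, so each hit is a pointer to a line that still needs a manual read.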

Installation

npx clawhub install skill-guard-waai

Author

  • WaaiOn

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
