← Back to Skills Marketplace
SkillGuard by Farnwick
by
FarnwickArglefax
· GitHub ↗
· v1.0.0
589
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install farnwick-skillguard
Description
AI-powered security scanner for OpenClaw skills. Scans skill files for credential theft, data exfiltration, reverse shells, obfuscation, and other threats be...
README (SKILL.md)
SkillGuard 🛡️
AI-powered security scanner for OpenClaw skills. Analyzes skill code for malicious behaviour before you install it.
Commands
Scan before install (recommended)
skillguard install \x3Cskill-name>
Downloads the skill to a temp directory, runs AI security analysis, shows verdict, then asks for confirmation before installing via clawhub.
Example:
skillguard install my-new-skill
Audit installed skills
skillguard audit
Scans all skills in /usr/lib/node_modules/openclaw/skills/, ~/.openclaw/workspace/skills/, and ~/.openclaw/skills/. Prints a table summary with details on any flagged skills.
Scan a local path
skillguard scan \x3Cpath>
Scan any local skill directory without installing. Useful for reviewing skills you've already downloaded or developed locally.
Example:
skillguard scan ./my-skill-folder
skillguard scan /usr/lib/node_modules/openclaw/skills/some-skill
Risk Levels
| Level | Meaning |
|---|---|
| ✅ CLEAN | No security issues detected |
| 🟡 LOW | Minor concerns, generally safe |
| ⚠️ MEDIUM | Review recommended before installing |
| 🚨 HIGH | Dangerous — do not install without careful manual review |
What Gets Checked
- Credential theft: Reads to
~/.ssh/,~/.openclaw/, API keys,.envfiles - Data exfiltration: curl/wget/fetch POSTing data to external servers
- Reverse shells: netcat, bash TCP redirects, socat to external IPs
- Privilege escalation: sudo abuse, setuid bits, writing to
/etc/ - Persistence: cron installs, systemd units,
.bashrcmodifications - Obfuscation: base64-piped-to-bash, eval with dynamic content
- Package smuggling: undisclosed npm/pip installs
- Reconnaissance: network scanning, system info harvesting
Usage by the AI Agent
When the user asks to install a skill, use skillguard first:
python3 /root/.openclaw/workspace/skills/skillguard/skillguard.py install \x3Cskill-name>
When the user asks to check their installed skills for security issues:
python3 /root/.openclaw/workspace/skills/skillguard/skillguard.py audit
When the user asks to check a specific local skill directory:
python3 /root/.openclaw/workspace/skills/skillguard/skillguard.py scan /path/to/skill
Output Examples
Clean skill:
✅ SkillGuard: good-skill — Clean. Installing...
Flagged skill:
🚨 SkillGuard: bad-skill — Risk: HIGH
Reads /root/.openclaw/*.json and POSTs to external IP.
[HIGH] Data Exfiltration: curl POST of ~/.openclaw/openclaw.json to 45.33.32.156 [scripts/init.sh:14-22]
[MEDIUM] Credential Theft: Reads ~/.ssh/id_rsa without disclosure [scripts/setup.sh:8]
Install bad-skill anyway? (type YES to confirm)
Requirements
- Python 3.6+
- An Anthropic, OpenRouter, or DeepSeek API key configured in OpenClaw
clawhubCLI (forinstallcommand only)
Notes
- Binary files are automatically skipped
- Files larger than 100KB are truncated before analysis
- Analysis uses Claude Opus (or best available model) for maximum accuracy
- The scan itself is safe — skills are text files, not executed during scanning
Usage Guidance
This skill appears to do what it claims: it collects skill files and sends them to your configured LLM backend for analysis and can scan installed skill directories. Before installing or running: 1) Verify you trust the LLM provider(s) configured in OpenClaw, because scanned files (which might include secrets or credentials in SKILL.md or scripts) will be transmitted to those services. 2) Confirm you are comfortable SkillGuard reading the OpenClaw auth-profiles file (~/.openclaw/agents/main/agent/auth-profiles.json) to retrieve API tokens. 3) Note the registry metadata does not declare a primary credential even though the tool needs an LLM key in OpenClaw — consider this a minor mismatch. 4) Optionally review skillguard.py yourself (it is included) to confirm it does not exfiltrate scans to any endpoint other than the configured LLMs or call unexpected external servers. If you accept those behaviors, SkillGuard is reasonable to use.
Capability Analysis
Type: OpenClaw Skill
Name: farnwick-skillguard
Version: 1.0.0
The OpenClaw SkillGuard skill is designed to be a security scanner, and its code and documentation align perfectly with this stated purpose. It legitimately accesses OpenClaw's own authentication profiles to retrieve API keys for its LLM analysis, uses `clawhub` for skill management, and sends collected skill file contents to an LLM for security analysis. There is no evidence of intentional malicious behavior, data exfiltration, unauthorized execution, or prompt injection attempts within SkillGuard's own code or instructions.
Capability Assessment
Purpose & Capability
Name/description match behavior: the tool collects skill files, analyzes them with an LLM, reports risk, and optionally runs clawhub to install. Required binary (python3) and scan targets (/usr/lib..., ~/.openclaw/...) align with the stated purpose.
Instruction Scope
SKILL.md and code instruct scanning installed skills and local paths and explicitly run python3 skillguard.py install/audit/scan. The scanner sends collected file contents to external LLM providers (Anthropic/OpenRouter/DeepSeek) or uses the local openclaw agent — this is necessary for its analysis but means skill files (which can contain secrets) are transmitted to configured LLM backends; the SKILL.md documents this.
Install Mechanism
No install spec; code is included and runs locally. No remote downloads or archive extraction are performed by the skill itself, lowering install risk.
Credentials
The skill reads OpenClaw auth profiles (~/.openclaw/agents/main/agent/auth-profiles.json) to obtain LLM API keys and may invoke openclaw CLI. SKILL.md documents the need for an LLM API key in OpenClaw, but registry metadata does not declare a primary credential or required env vars — a small metadata mismatch worth noting.
Persistence & Privilege
always:false and it does not request permanent presence or modify other skills. It invokes subprocesses and may call openclaw agent --local to obtain LLM responses; this is appropriate for its function.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install farnwick-skillguard - After installation, invoke the skill by name or use
/farnwick-skillguard - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of SkillGuard, an AI-powered security scanner for OpenClaw skills.
- Scans skill files for threats like credential theft, data exfiltration, reverse shells, obfuscation, and more before installation.
- Provides commands to scan before install, audit all installed skills, or scan a local path.
- Categorizes risks as CLEAN, LOW, MEDIUM, or HIGH, with clear summaries and details for flagged skills.
- Skips binary files and safely analyzes text up to 100KB per file.
- Requires Python 3.6+ and a valid AI API key.
Metadata
Frequently Asked Questions
What is SkillGuard by Farnwick?
AI-powered security scanner for OpenClaw skills. Scans skill files for credential theft, data exfiltration, reverse shells, obfuscation, and other threats be... It is an AI Agent Skill for Claude Code / OpenClaw, with 589 downloads so far.
How do I install SkillGuard by Farnwick?
Run "/install farnwick-skillguard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is SkillGuard by Farnwick free?
Yes, SkillGuard by Farnwick is completely free (open-source). You can download, install and use it at no cost.
Which platforms does SkillGuard by Farnwick support?
SkillGuard by Farnwick is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created SkillGuard by Farnwick?
It is built and maintained by FarnwickArglefax (@farnwickarglefax); the current version is v1.0.0.
More Skills