igloomatics

safe-guard

by Igloos · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
Downloads: 234 · Stars: 1 · Active Installs: 0 · Versions: 3
Install in OpenClaw
/install safe-guard
Description
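A security protection tool for Claude Code / OpenClaw Skills. Three core capabilities: (1) an always-active PreToolUse Hook that intercepts high-risk operations; (2) deep scanning that combines static regex matching with LLM semantic auditing; (3) running scripts in an isolated sandbox environment while monitoring their behavior. Supports scan-only, safe-run, sandbox-test...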
Usage Guidance
This skill appears to implement what it claims (static scanner, LLM checklist, sandbox, and a PreToolUse hook), but there are red flags that justify extra caution:
  - Keyword segmentation and many `# noscan` markers: the code fragments keywords (e.g., '.a'+'ws', 'bash'+'rc') to avoid static detection. While the author may claim this prevents false positives, the same technique is commonly used by malware to evade scanners. Ask the author to justify why segmentation is needed and request a version without obfuscation for review.
  - PreToolUse hook is high-impact: installing the skill will register a hook that runs on tool calls and can block them. Only enable this in environments where you can tolerate a gatekeeper script; prefer scan-only or sandbox-test modes first.
  - Review permissions and local settings: inspect .claude/settings.local.json and hooks/hooks.json to ensure no platform-level permission escalations or overly permissive allowed commands are being granted implicitly.
  - Run tests in an isolated environment: before enabling the hook in your main agent, run the skill on non-sensitive sample skills in a disposable VM or container to observe behavior. Use the sandbox-run and quick-scan locally and verify outputs.
  - Validate source provenance: the package has no homepage and an unknown owner. Prefer code from auditable, known sources or ask the publisher for a transparency statement and reproducible build steps.
If you need a short checklist to proceed safely:
  1. ask the author why obfuscation is used;
  2. run quick_scan.py and sandbox_run.py locally on a copied sample;
  3. do not enable hooks in production until reviewed;
  4. consider limiting the hook to 'scan-only' or requiring explicit user confirmation before allowing the hook to persist.
Capability Analysis
Type: OpenClaw Skill
Name: safe-guard
Version: 1.0.2
The 'safe-guard' skill bundle is a comprehensive security utility designed to audit and protect OpenClaw and Claude Code environments. It implements a multi-layered defense strategy including a PreToolUse hook (hooks/danger_guard.py) for real-time interception of dangerous shell commands and file writes, a static analysis engine (scripts/quick_scan.py) with 38+ detection rules, and a behavioral sandbox (scripts/sandbox_run.py) for isolated script testing. While the tool utilizes string segmentation to avoid antivirus false positives and requests broad execution permissions in .claude/settings.local.json, these behaviors are well-documented and strictly aligned with its stated purpose of identifying and mitigating malicious skill behavior.
Capability Assessment
Purpose & Capability
Name/description claim a scanning + sandbox + hook product, and the repository contains matching components (quick_scan.py, sandbox_run.py, danger_guard.py, hooks.json, checklist/known threats). The files and declared capabilities are largely coherent with the stated purpose. However, the code contains deliberate keyword segmentation and many `# noscan` markers (see quick_scan.py, danger_guard.py, sandbox_run.py) — an uncommon pattern for normal tools because it looks like evasion of static detectors. That choice is explainable (to avoid false positives), but it is unusual and should be justified by the author.
Instruction Scope
SKILL.md prescribes scanning by reading every file under the target skill directory, optionally cloning remote repos into a temp dir, running static regex scanner and an optional sandbox run. That scope is consistent with a deep audit tool. Note: reading 'every file' and running scripts in a sandbox implies the tool will access potentially sensitive files contained in scanned repos (e.g., .env, keys if mistakenly committed) — expected for an auditor but a privacy consideration.
Install Mechanism
No external install/download steps are required; this is instruction+code in the skill bundle (no remote fetch or installer). The tool runs local Python scripts and a hook command via hooks.json. No high-risk download URLs or package installs were found.
Credentials
The skill does not request external credentials or environment variables. It performs file reads within target skill directories and may clone remote repos into a temporary directory for scanning; the sandbox uses Path.home() to construct deny-lists. That's proportionate for an auditor, but it means the tool will (by design) examine files that can contain secrets. Also review .claude/settings.local.json included in the package — it lists many permissive Bash invocation patterns which could influence what gets executed when the skill is loaded; understand platform permission semantics before enabling.
Persistence & Privilege
The skill ships a PreToolUse hook (hooks/hooks.json) that will be registered by the platform and run automatically to intercept tool calls (Bash, Edit/Write matchers). That hook can block tool operations (exits with nonzero) and persists session state in a temp directory. This behavior is consistent with the claimed 'always-active interception' feature, but it is a high-impact capability: a malicious or buggy hook could block or tamper with other agent actions. The skill's registry metadata does not set platform-level 'always: true', but the hook registration itself grants it an always-running interception role when installed.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install safe-guard
  3. After installation, invoke the skill by name or use /safe-guard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
  - Added local settings file support: `.claude/settings.local.json` is now included for environment or configuration customization.
  - No other changes to core functionality or audit logic.
v1.0.1
No functional or documentation changes in this version.
  - Version bumped to 1.0.1 with no file or content changes detected.
  - No modifications to code, configuration, or documentation files.
  - Behavior and skill description remain identical to previous release.
v1.0.0
Skill Guard initial release: comprehensive security auditing and protection for Claude Code/OpenClaw skills.
  - Provides three layers: static pattern scan, sandbox behavioral isolation, and LLM-powered audit for thorough security checks.
  - Offers always-active PreToolUse hooks to block dangerous operations like rm -rf / and reverse shells before execution.
  - Supports multiple modes: scan-only, safe-run, sandbox-test, and hook-status for flexible usage.
  - Scans local or remote skills (including GitHub/ClawHub URLs) and verifies all files for completeness.
  - Outputs clear, structured reports in English or Chinese, summarizing findings across static, sandbox, and semantic audits.
  - Automatically locates target skills across Claude Code, OpenClaw, and project/user-specified paths.
Metadata
Slug safe-guard
Version 1.0.2
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is safe-guard?

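A security protection tool for Claude Code / OpenClaw Skills. Three core capabilities: (1) an always-active PreToolUse Hook that intercepts high-risk operations; (2) deep scanning that combines static regex matching with LLM semantic auditing; (3) running scripts in an isolated sandbox environment while monitoring their behavior. Supports scan-only, safe-run, sandbox-test... It is an AI Agent Skill for Claude Code / OpenClaw, with 234 downloads so far.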

How do I install safe-guard?

Run "/install safe-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is safe-guard free?

Yes, safe-guard is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does safe-guard support?

safe-guard is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created safe-guard?

It is built and maintained by Igloos (@igloomatics); the current version is v1.0.2.
