walkman1w

Skill Trust Guard

by Flynn Guo · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
669 Downloads · 0 Stars · 1 Active Installs · 1 Versions
Install in OpenClaw
/install skill-trust-guard
Description
Enforces skill-trust-scanner security checks before installing skills, blocking or alerting based on risk scores to reduce supply chain threats.
Usage Guidance
This package implements exactly what it says (wraps 'clawhub install' and runs a scanner) but contains a couple of red flags you should address before using it:

  1. It expects a scanner at a hard-coded developer path (/home/guofeng/...), so by default it will fail on most machines or, if that path exists, run whatever code is there.
  2. The pre-install hook uses 'npx tsx', which can fetch and run code from npm at runtime.
  3. integrate.sh installs a PATH shim that will intercept all future 'clawhub install' calls.

Recommended steps before installing/integrating:

  - Inspect the scanner CLI source you plan to point to (set SCANNER_ROOT/SCANNER_CLI to a trusted local copy or a vetted release).
  - Run install.sh on a harmless local skill to observe behavior.
  - Avoid running integrate.sh until you trust the scanner (or back up your clawhub binary path).
  - Prefer bundling or referencing a released scanner package (GitHub release or published npm package) rather than relying on a hard-coded developer path.

If you want a safer posture, ask the author for a packaged scanner dependency or a verified install mechanism.
Capability Analysis
Type: OpenClaw Skill
Name: skill-trust-guard
Version: 1.0.0

The skill-trust-guard is designed as a security measure to scan and block malicious OpenClaw skills, as evidenced by its stated purpose and test reports (TEST_REPORT.md explicitly mentions blocking skills that 'read ~/.clawdbot/.env + exfiltrate to a malicious domain'). However, it is classified as 'suspicious' due to its critical reliance on an external, unprovided 'skill-trust-scanner' (hardcoded path in hooks/pre-install.sh: /home/guofeng/clawd/skill-trust-scanner/src/cli.ts), making its core security logic a black box.

Furthermore, the install.sh script performs actions like 'git clone' and 'clawhub install' (for temporary fetching) *before* the skill is fully scanned, which could expose the system to pre-scan execution risks (e.g., git hooks or clawhub pre-install scripts from untrusted skills).
Capability Assessment
Purpose & Capability
The name/description (enforce a pre-install scanner) matches what the scripts do (wrapper + pre-install hook + shim). However the scanner dependency is hard-coded to /home/guofeng/clawd/skill-trust-scanner/src/cli.ts by default, which is specific to the author's environment and not explained in the metadata — this will either fail for users or cause the wrapper to run an arbitrary local script if that path exists. That hard-coded path is unexpected for a distributable skill.
Instruction Scope
SKILL.md and the scripts are focused on scanning a skill directory and making allow/warn/reject decisions. The runtime instructions do not attempt to read unrelated system files themselves (they delegate scanning to an external scanner). The wrapper intercepts 'clawhub install' via a PATH shim as documented, which is consistent with the stated goal.
Install Mechanism
There is no packaged install spec (instruction-only with scripts). The pre-install hook uses 'npx tsx' to execute a TypeScript CLI at a user-expected path; running 'npx' may fetch tools from npm at runtime if tsx is not present, which introduces network code execution. The hard-coded scanner path increases fragility and risk because the skill expects an external project present on disk rather than bundling or installing a vetted scanner from a known release host.
Credentials
The skill does not request credentials or config paths beyond optional SCANNER_ROOT/SCANNER_CLI overrides. It does not try to read or exfiltrate environment variables itself. The only notable env usage is allowing override of the scanner path, which is reasonable but means the scanner run will have whatever access that scanner has.
Persistence & Privilege
integrate.sh installs a shim in ~/.openclaw/bin and instructs users to add it to PATH, which gives the skill persistent interception of 'clawhub install' whenever that PATH entry comes earlier than the real clawhub binary's directory. This is consistent with the purpose, but it affects all future installs and should be consciously accepted by the user. The skill is not 'always: true' and does not modify other skill configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-trust-guard
  3. After installation, invoke the skill by name or use /skill-trust-guard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of skill-trust-guard:
  - Enforces a mandatory skill security scan (skill-trust-scanner) before installation.
  - Blocks installation of high-risk skills (score < 50), warns for medium risk, and allows low-risk skills.
  - Integrates seamlessly with existing CLI usage, including a PATH shim for automatic protection.
  - Includes reusable hooks and documented integration steps.
Metadata
Slug skill-trust-guard
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Skill Trust Guard?

Enforces skill-trust-scanner security checks before installing skills, blocking or alerting based on risk scores to reduce supply chain threats. It is an AI Agent Skill for Claude Code / OpenClaw, with 669 downloads so far.

How do I install Skill Trust Guard?

Run "/install skill-trust-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Trust Guard free?

Yes, Skill Trust Guard is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Skill Trust Guard support?

Skill Trust Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Skill Trust Guard?

It is built and maintained by Flynn Guo (@walkman1w); the current version is v1.0.0.
