← Back to Skills Marketplace

Skill Guard

Name: Skill Guard
Author: huaibuer

by HuaiBuer · GitHub ↗ · v1.3.0 · MIT-0

cross-platform ⚠ suspicious

289

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install skill-guard-waai

Description

Skill Security Scanner - Scan for risks before download/use. Use when: installing unknown skills, evaluating third-party code, or security auditing. / Skill安...

Usage Guidance

This appears to be a straightforward local static scanner that looks for suspicious tokens in files. Before using: (1) note that the SKILL.md and code are slightly out of sync (inspect_remote is documented but not implemented); (2) run the scanner only on the directories you intend — it will read file contents in the path you give it (don’t point it at your entire home or root unless you want those files examined); (3) expect false positives and false negatives — this is a heuristic pattern matcher, not a full taint-analysis engine; (4) because it’s local and includes no networking, it won’t exfiltrate data by itself, but always review the scanner’s source yourself if you plan to rely on its results. If you want remote inspection functionality, ask the author for an updated implementation or documentation.

Capability Analysis

Type: OpenClaw Skill Name: skill-guard-waai Version: 1.3.0 The skill is a security scanner designed to audit other skills for potential risks by performing keyword-based static analysis. The implementation in `skill_guard.py` searches for dangerous patterns like code execution, file deletion, and credential leaks within local files, but it does not execute the code it scans or perform any unauthorized network or file operations itself. No evidence of malicious intent, data exfiltration, or prompt injection was found.

Capability Assessment

✓ Purpose & Capability

Name/description match the included code: the Python module implements a pattern-based static scanner that walks a given path and searches files for suspicious tokens. Required binary (python3) is appropriate and proportional.

ℹ Instruction Scope

The SKILL.md usage shows an inspect_remote function and a RISK_PATTERNS dict that are not present in the code (the code provides scan() and check(), and RISK_PATTERNS is a list of tuples). The runtime instructions otherwise only ask you to run the scanner locally; the scanner only reads files under the provided path and does not transmit data externally.

✓ Install Mechanism

There is no install spec that downloads external code; the repository is instruction-only with an included Python file. Nothing in the bundle writes or installs arbitrary binaries from remote URLs.

ℹ Credentials

The skill requests no environment variables or credentials. However, when you point the scanner at a directory it will read files there — so do not scan sensitive system or home directories unless intended (e.g., scanning /home/user can read files like .aws/credentials if present). This is expected for a local scanner but worth remembering.

✓ Persistence & Privilege

Skill does not request persistent privileges, does not set always:true, and does not modify other skills or system-wide configuration. It only reads files within the supplied path.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install skill-guard-waai
After installation, invoke the skill by name or use /skill-guard-waai
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.3.0

- Expanded documentation to include new usage scenarios and installation instructions. - Clarified when to use the scanner for increased safety guidance. - Standardized and updated risk pattern keys in code examples. - Updated version and description metadata. - Added author attribution and improved formatting for easier reading.

v1.2.0

Skill-guard-waai 1.2.0 includes expanded documentation with bilingual (EN/CN) descriptions and improved risk categories. - Updated SKILL.md to include both English and Chinese descriptions. - Refined and expanded risk categories and severity levels. - Clarified usage instructions with concise code samples. - Enhanced risk pattern matching examples for greater clarity and coverage.

v1.1.0

- Initial release of version 1.1.0. - Internal update to skill_guard.py; no user-facing documentation changes. - Core security scan functionality maintained as before.

v1.0.0

Initial release of skill_guard: 全方位Skill安全检查工具 - 新增支持下载或使用前扫描Skill的风险。 - 覆盖重点风险类型，包括：代码执行、文件操作、网络请求、命令注入、依赖漏洞、权限过度、数据泄露、后门等。 - 提供本地与远程Skill扫描功能。 - 列出详细风险模式与严重程度。 - 运行依赖仅需python3。

Metadata

Slug skill-guard-waai

Version 1.3.0

License MIT-0

All-time Installs 1

Active Installs 1

Total Versions 4

Frequently Asked Questions

What is Skill Guard?

Skill Security Scanner - Scan for risks before download/use. Use when: installing unknown skills, evaluating third-party code, or security auditing. / Skill安... It is an AI Agent Skill for Claude Code / OpenClaw, with 289 downloads so far.

How do I install Skill Guard?

Run "/install skill-guard-waai" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Guard free?

Yes, Skill Guard is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Guard support?

Skill Guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skill Guard?

It is built and maintained by HuaiBuer (@huaibuer); the current version is v1.3.0.

More Skills