
Skill Guardian

by liefqin · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
266 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install skill-guardian
Description
Safely manage your AI skill collection with trust scoring, security vetting, delayed auto-updates, and pending periods for new skills. Use when adding new sk...
Usage Guidance
What to check before installing or scheduling Skill Guardian:
- Vetting is not implemented in the code provided: add_skill calls a vetter subprocess but returns a placeholder trust score (80) instead of parsing real vetter output. Confirm that a trustworthy skill-vetter (and its scripts/vet.py) exists at the expected path and inspect it before relying on automated vetting.
- The scripts will invoke the clawhub CLI to list and update skills. apply_updates will run 'clawhub update', which can download and install third-party code — that's the intended function, but it means a compromised or malicious package reachable via clawhub could be installed automatically based on registry entries.
- auto_run uses shell=True to run commands and the README/crontab examples reference running under /root/.openclaw/workspace. Avoid adding the cron entries as root until you've tested behavior in a safe, non-privileged environment.
- The check_updates parsing is brittle (parses clawhub list output by splitting lines). Expect false positives/negatives; consider testing check_updates/apply_updates with dry-run to see what would happen.
- Before trusting automatic promotions/updates, manually inspect assets/skill-registry.json and the contents of skill-vetter and any skills you add. Prefer initially running scripts manually (use --dry-run where available) and validate that vetter output and trust-score calculations match the policy described in references/trust-ratings.md.
If you want to proceed: (1) run the vetter scripts manually and inspect their code, (2) run check_updates/apply_updates with --dry-run, (3) test scheduling in a non-root account, and (4) back up your workspace/registry file so you can roll back if an unexpected update is applied.
Capability Analysis
Type: OpenClaw Skill
Name: skill-guardian
Version: 1.0.0
The Skill Guardian bundle is a utility designed to manage and secure an AI agent's skill collection by implementing trust scores, security vetting, and mandatory waiting periods for updates. The Python scripts (e.g., add_skill.py, apply_updates.py) interact with the clawhub CLI and local vetting tools to automate skill lifecycle management. While the scripts use subprocess execution and suggest cron-based persistence for automation, these behaviors are transparently documented and align strictly with the stated purpose of providing a defensive layer against supply chain attacks.
Capability Assessment
Purpose & Capability
Name/description match the code: registry management, pending periods and trust-based updates are implemented. However the vetting step is effectively a placeholder (vet_skill returns a hard-coded trust_score and does not parse vetter output), so the claim 'Auto-scans every skill before adding' is misleading unless you provide/verify a working skill-vetter implementation.
Instruction Scope
Runtime instructions and scripts execute other programs (clawhub CLI and a skill-vetter script) and write a local registry JSON. add_skill calls an external vet.py via subprocess, check_updates runs 'clawhub list', and apply_updates runs 'clawhub update' which will fetch and install external code — these are expected for an updater but grant the skill the ability to trigger installation/execution of other skills. auto_run uses shell=True to invoke commands, which is more brittle and increases risk if paths are manipulated.
Install Mechanism
No install spec — instruction-only plus included Python scripts. Nothing is downloaded by the skill itself; external downloads happen via the clawhub CLI when you run updates (expected for an updater).
Credentials
No environment variables or secrets requested. Required components (Python, clawhub CLI, skill-vetter) are relevant to the stated purpose. The number and type of external requirements are proportionate to a registry/updater tool.
Persistence & Privilege
always:false (no forced always-on). The documentation recommends adding cron jobs and even shows examples using /root/.openclaw/workspace — running scheduled jobs as root or modifying system crontab increases risk and should be considered carefully. The skill will run periodically and may auto-update other skills if scheduled.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-guardian
  3. After installation, invoke the skill by name or use /skill-guardian
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Skill Guardian – automated, secure AI skill management.
- Adds trust scoring and security vetting for new and existing skills.
- Implements delayed auto-updates (10 days) for non-high-trust skills; immediate update for trust ≥90.
- Introduces a 5-10 day pending period before new skills become active.
- Provides CLI tools for listing, adding, updating, and processing skills with safety checks.
- Supports automated scheduling via cron for hands-free operation.
- Detailed documentation included for setup, workflows, and best practices.
Metadata
Slug skill-guardian
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Skill Guardian?

Safely manage your AI skill collection with trust scoring, security vetting, delayed auto-updates, and pending periods for new skills. Use when adding new sk... It is an AI Agent Skill for Claude Code / OpenClaw, with 266 downloads so far.

How do I install Skill Guardian?

Run "/install skill-guardian" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Guardian free?

Yes, Skill Guardian is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Guardian support?

Skill Guardian is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Skill Guardian?

It is built and maintained by liefqin (@liefqin); the current version is v1.0.0.
