← Back to Skills Marketplace
621
Downloads
0
Stars
2
Active Installs
4
Versions
Install in OpenClaw
/install skill-install-guardian
Description
Security and due diligence layer for installing external skills from ClawHub. Performs DEEP content scanning for malicious patterns, security checks, integra...
Usage Guidance
This skill appears to do what it says (scan skills before install) and does not request extra credentials or install components, but it has some implementation weaknesses you should consider before relying on it as your only defense: 1) The file-list parsing and the way script file paths are fetched are brittle and may miss files in subdirectories — review and test the scanner on representative skills to confirm coverage. 2) It depends on the trustworthiness and behavior of the local `npx clawhub` CLI; ensure that binary is the official/expected one and that its `--files` and `--file` outputs match what the script expects. 3) Expect false positives and false negatives; always manually review CRITICAL flags. 4) Run the script in an isolated environment (or CI sandbox) the first few times to observe its behavior and outputs. If you plan to rely on it operationally, request or implement fixes to (a) fetch files using their full reported paths rather than basenames, (b) make file-list parsing robust to different CLI output formats, and (c) add explicit logging and an audit trail of scans and owner decisions.
Capability Analysis
Type: OpenClaw Skill
Name: skill-install-guardian
Version: 1.3.0
The OpenClaw skill 'skill-install-guardian' is designed to perform security and due diligence checks on other skills before installation. Both its documentation (SKILL.md) and its Python script (scripts/check.py) consistently reflect this security-focused purpose. The script implements robust slug validation and uses safe, list-based `subprocess.run` calls to prevent shell injection when interacting with `npx clawhub`. It actively scans other skill files for dangerous patterns (like `eval()`, `exec()`, API keys, and obfuscation) and reports findings. There is no evidence of malicious intent, data exfiltration, unauthorized execution, or prompt injection attempts within this skill itself; rather, it aims to detect such issues in *other* skills.
Capability Assessment
Purpose & Capability
The skill's name and description (pre-install security checks) match what it actually does: it calls the ClawHub CLI (npx clawhub inspect) to fetch reports and files, scans file contents for dangerous patterns, and generates a report for owner confirmation. Required binary (npx) is expected and proportional; no unrelated env vars or credentials are requested.
Instruction Scope
SKILL.md instructs fetching SKILL.md and script files and scanning for dangerous patterns only — consistent with purpose. The implementation is explicitly read-only and validates slugs to reduce injection risk. However, the code uses a brittle parser for the `--files` output (looks for a 'Files:' section and takes the first token as filename) and, for script files, strips directory paths and calls fetch_file_content with only the basename (which may fail to fetch files located in subdirectories). These bugs can produce false negatives or skip files, reducing the scanner's effectiveness. Also the code prints and returns results but does not send findings to an external endpoint, matching the declared 'report to owner' behavior.
Install Mechanism
There is no install spec (instruction-only plus one script file). No remote downloads or archive extraction are performed by the skill itself. It relies on the local npx/clawhub CLI to fetch skill data, which is an expected, low-risk approach for this purpose.
Credentials
No environment variables or secrets are requested. The scanner detects patterns that look like keys in file contents but does not itself require any credentials — proportional and appropriate for the described functionality.
Persistence & Privilege
always:false and no system-wide config modification are present. The skill does not request persistent privileges or attempt to modify other skills' configs. disable-model-invocation is default (false) which is normal; there is no other elevated privilege requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install skill-install-guardian - After installation, invoke the skill by name or use
/skill-install-guardian - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
Deep content scanning - fetches and analyzes actual file contents for security patterns
v1.2.0
Fixed documentation accuracy, removed unused curl, added limitations
v1.1.0
Fixed command injection vulnerability
v1.0.0
Initial release - security and due diligence for skill installation
Metadata
Frequently Asked Questions
What is Skill Install Guardian?
Security and due diligence layer for installing external skills from ClawHub. Performs DEEP content scanning for malicious patterns, security checks, integra... It is an AI Agent Skill for Claude Code / OpenClaw, with 621 downloads so far.
How do I install Skill Install Guardian?
Run "/install skill-install-guardian" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Install Guardian free?
Yes, Skill Install Guardian is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Skill Install Guardian support?
Skill Install Guardian is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Skill Install Guardian?
It is built and maintained by ohnednez (@zendenho7); the current version is v1.3.0.
More Skills