← Back to Skills Marketplace
xeonai44

ClawSkillGuard

by xeonai44 · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ✓ Security Clean
235
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install clawskillguard
Description
Security scanner for OpenClaw skills. Scans SKILL.md files and scripts for prompt injection, data exfiltration, malicious patterns, and unauthorized network...
README (SKILL.md)

ClawSkillGuard — OpenClaw Skill Security Scanner

Overview

ClawGuard scans OpenClaw skills for security risks before you install or run them. It analyzes SKILL.md files, scripts, and supporting files for malicious patterns, data exfiltration, prompt injection, and other threats.

100% local. Zero network calls. Your skills never leave your machine.

When to Use

  • Before installing a skill from ClawHub or any external source
  • Auditing skills already installed on your system
  • When a user asks "is this skill safe?" or "check this skill for malware"
  • Periodic security audits of your skill directory

Scan Workflow

1) Locate the Skill

Ask the user for the skill path, or scan common locations:

  • ~/.openclaw/skills/\x3Cname>/ (ClawHub installs)
  • ~/.openclaw/workspace/skills/\x3Cname>/ (workspace skills)
  • Any path the user specifies

If no path given, offer to scan all installed skills.

2) Run the Scanner

python3 \x3Cskill_directory>/scripts/scan.py \x3Cpath_to_skill> [--format text|json] [--severity low|medium|high|critical]

The scanner checks:

  • SKILL.md — prompt injection, hidden instructions, data exfil prompts
  • Scripts — shell commands, network calls, credential access, file system manipulation
  • Dependencies — suspicious imports, external package installs
  • File patterns — obfuscation, encoded payloads, steganography

3) Present Results

Format findings clearly:

  • 🔴 CRITICAL — Do not install. Active threat detected.
  • 🟠 HIGH — Suspicious. Review before installing.
  • 🟡 MEDIUM — Caution. Unusual patterns found.
  • 🟢 LOW — Minor concerns. Generally safe.
  • CLEAN — No threats detected.

For each finding, include:

  • File and line number
  • Pattern matched
  • Why it's risky
  • Suggested action

4) Recommendation

Give a clear verdict:

  • SAFE TO INSTALL — No significant risks found
  • ⚠️ REVIEW NEEDED — Some concerns, read the flagged sections
  • DO NOT INSTALL — Critical threats detected

Severity Levels

Level Description Examples
🔴 CRITICAL Active malicious behavior Data exfil, credential theft, destructive commands
🟠 HIGH Likely malicious intent Hidden instructions, obfuscated code, unauthorized network calls
🟡 MEDIUM Suspicious but possibly benign Unusual file access, broad permissions, external downloads
🟢 LOW Minor concerns Verbose logging, debug mode, minor policy violations

Detection Patterns

Prompt Injection (SKILL.md)

  • Hidden markdown (white text, zero-width chars)
  • Instructions to ignore system prompts
  • Attempts to override SOUL.md or AGENTS.md
  • Data exfiltration prompts ("send contents of...", "report to external URL")

Malicious Scripts

  • Credential harvesting (reading .env, .ssh, tokens)
  • Reverse shells or bind shells
  • Cryptocurrency miners
  • Destructive commands (rm -rf, format, dd)
  • Obfuscated/encoded payloads (base64, eval, exec)
  • Unauthorized outbound connections
  • Privilege escalation attempts

Supply Chain

  • pip/npm/curl installs from untrusted sources
  • Downloading and executing remote scripts
  • Modifying files outside skill directory
  • Cron job manipulation
  • PATH hijacking

Example Usage

User: "Is this skill safe to install?"
Agent: Runs ClawGuard scan → presents findings → gives verdict

User: "Scan all my installed skills"
Agent: Scans ~/.openclaw/skills/*/ → consolidated security report

Important Notes

  • This scanner uses pattern matching, not formal verification. Clever adversaries can evade detection.
  • Always review HIGH and CRITICAL findings manually.
  • A "CLEAN" result means no known patterns matched — not a guarantee of safety.
  • When in doubt, read the skill's source code yourself.
Usage Guidance
This skill appears to implement a local-only scanner and is internally consistent with its purpose. Before running: (1) manually inspect scan.py if you want to be extra cautious (it contains many base64-encoded regexes used to detect malicious patterns); (2) note the small README vs. file-location mismatch (SKILL.md references scripts/scan.py while the file is at the root) — adjust the command accordingly; (3) run the scanner on a copy or in an isolated environment if you're scanning untrusted skills for the first time; (4) remember the scanner uses pattern matching and can miss clever evasions — always review HIGH/CRITICAL flags manually. Overall, no disproportionate requests or network/persistence behavior were found.
Capability Analysis
Type: OpenClaw Skill Name: clawskillguard Version: 1.0.2 The clawskillguard skill is a legitimate security utility designed to perform static analysis on other OpenClaw skills. The scan.py script uses regex patterns to detect common indicators of prompt injection, data exfiltration, and malicious code; these patterns are base64-encoded within the script specifically to prevent the scanner from flagging its own detection strings. The SKILL.md instructions correctly guide the AI agent to perform local security audits without any evidence of hidden malicious intent, unauthorized network activity, or data exfiltration.
Capability Assessment
Purpose & Capability
Name and description match the included SKILL.md and scan.py: both describe a local scanner for OpenClaw skills. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to ask for a skill path (or scan installed skills) and run the included Python scanner — this stays within the stated purpose. Minor inconsistency: the README shows running scripts/scan.py but the provided file is at the repository root (scan.py). Nothing in the instructions directs the agent to read unrelated system files or transmit data externally.
Install Mechanism
No install spec is provided (instruction-only plus a single Python script). This is low-risk: nothing will be downloaded or written to disk by an installer step beyond the existing files.
Credentials
The skill requires no environment variables or credentials. It reads (with user approval) skill files under the user's skill directories, which is expected for a scanner. Requested file access is proportional to its purpose.
Persistence & Privilege
The skill does not request always-on presence and does not attempt to modify other skills or system-wide agent settings. The default autonomy setting is present but not combined with any concerning privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawskillguard
  3. After installation, invoke the skill by name or use /clawskillguard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Fixed: broken regex patterns (PowerShell wildcard match, missing parens), self-exclusion to avoid false positives, narrower disk-format detection. All patterns base64-encoded.
v1.0.1
Fixed: patterns now stored as base64 to prevent false-positive self-detection by security scanners. No functional changes.
v1.0.0
Initial release: SKILL.md prompt injection detection, script malware scanning, suspicious import analysis
Metadata
Slug clawskillguard
Version 1.0.2
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 3
Frequently Asked Questions

What is ClawSkillGuard?

Security scanner for OpenClaw skills. Scans SKILL.md files and scripts for prompt injection, data exfiltration, malicious patterns, and unauthorized network... It is an AI Agent Skill for Claude Code / OpenClaw, with 235 downloads so far.

How do I install ClawSkillGuard?

Run "/install clawskillguard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ClawSkillGuard free?

Yes, ClawSkillGuard is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ClawSkillGuard support?

ClawSkillGuard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ClawSkillGuard?

It is built and maintained by xeonai44 (@xeonai44); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments