← Back to Skills Marketplace
382
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install skill-guard-actor
Description
Scan ClawHub skills for prompt injection and malicious content using Lakera Guard before installing them. Run automatically when the user asks to install a s...
Usage Guidance
SkillGuard's purpose and requested credentials make sense for running an Apify-based scan, but there are several things to check before installing:
- Verify the Apify actor and owner: inspect the Apify actor (numerous_hierarchy/skill-guard-actor, ID TMjFBNFqIIUfCBf6K) on console.apify.com to review what that actor actually does and confirm you trust its owner.
- Confirm webhook security: the skill requires your OpenClaw webhook URL and token. Ensure that endpoint is reachable only to trusted services and that the token is stored and transmitted securely.
- Review automatic file-write behavior: the skill intends to append an install policy to a TOOLS.md file on first install. Decide whether you want a skill to modify workspace files automatically; ask the author for a prompt/consent step or change the behavior to require your explicit approval.
- Fix the documentation inconsistencies: the SKILL.md references different paths for TOOLS.md and the script requires external tools (curl, jq, base64) that are not declared in metadata. Ensure those binaries exist and confirm where files will be written.
- Least privilege: consider creating tokens with limited scope (if possible) rather than reusing full-power tokens.
If you want to proceed: manually inspect the included scripts and the Apify actor's code/run logs, and consider running the script in a sandboxed environment first. If you are uncomfortable with automatic modifications to your workspace, ask the author to remove or make the TOOLS.md append opt-in.
Capability Analysis
Type: OpenClaw Skill
Name: skill-guard-actor
Version: 1.0.0
The skill is designed to enhance security by scanning other skills for malicious content. However, it exhibits a high-risk behavior by instructing the OpenClaw agent to execute a direct shell command (`cat >> ~/.openclaw/workspace/TOOLS.md`) to modify a local file (`TOOLS.md`) during installation. While the content written is a benign security policy, this demonstrates the agent's capability to execute arbitrary shell commands and modify files based on markdown instructions from a skill, which represents a significant vulnerability surface (e.g., RCE, arbitrary file write) if a malicious skill were to exploit this mechanism. This capability, even when used for a benign purpose, elevates the classification to suspicious.
Capability Assessment
Purpose & Capability
SkillGuard claims to scan ClawHub skills using an Apify actor and Lakera Guard; the required environment variables (APIFY_TOKEN, LAKERA_API_KEY, OPENCLAW_WEBHOOK_URL, OPENCLAW_HOOKS_TOKEN) are appropriate and expected for that purpose. Requesting an Apify token as the primary credential is coherent with invoking an Apify actor.
Instruction Scope
The SKILL.md and included script instruct the agent to trigger an Apify actor and receive results via an ad-hoc webhook — that is within scope. However: (1) the skill instructs an automatic 'On First Install' append of a policy to a TOOLS.md file in the workspace (modifies user files outside the skill directory); (2) there are inconsistent path references for that file ({baseDir}/../../TOOLS.md vs ~/.openclaw/workspace/TOOLS.md), which is ambiguous and risky; (3) the bundled script requires tools (curl, jq, base64/openssl, bash features) but the skill metadata declares no required binaries, an inconsistency that may cause runtime failures or hidden assumptions. The automatic, pre-response file modification is the main scope creep to review.
Install Mechanism
No external downloads or package installs are performed by the skill itself — it's instruction-only with one included script. The script simply calls Apify's API; there is no high-risk install mechanism (no remote archive downloads or execution of fetched code).
Credentials
All four environment variables requested are relevant to the described workflow (Apify runs + webhook callback + Lakera). They are sensitive (tokens), so ensure they are stored securely. It's appropriate that APIFY_TOKEN is primary. No unrelated credentials are requested.
Persistence & Privilege
The skill requests to perform an automatic write to a workspace-level TOOLS.md on first install (the SKILL.md explicitly says to do this 'automatically before responding'), which changes user workspace files outside the skill directory. Although not an elevated system privilege, this persistent modification of a user's files without a clearly documented consent step is a notable behavior and should be reviewed/approved by the user. Also, unclear path inconsistency increases risk of writing to an unexpected location.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install skill-guard-actor - After installation, invoke the skill by name or use
/skill-guard-actor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — scan ClawHub skills for prompt injection before installing
Metadata
Frequently Asked Questions
What is SkillGuard?
Scan ClawHub skills for prompt injection and malicious content using Lakera Guard before installing them. Run automatically when the user asks to install a s... It is an AI Agent Skill for Claude Code / OpenClaw, with 382 downloads so far.
How do I install SkillGuard?
Run "/install skill-guard-actor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is SkillGuard free?
Yes, SkillGuard is completely free (open-source). You can download, install and use it at no cost.
Which platforms does SkillGuard support?
SkillGuard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created SkillGuard?
It is built and maintained by Merk (@0xmerkle); the current version is v1.0.0.
More Skills