← Back to Skills Marketplace
jamesouttake

skill-guard

by hola · GitHub ↗ · v1.0.2
cross-platform ✓ Security Clean
13875
Downloads
4
Stars
80
Active Installs
3
Versions
Install in OpenClaw
/install skill-guard
Description
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.
Usage Guidance
Install only if you are comfortable letting this skill run shell commands that stage, scan, and install other skills. Review safe-install.sh first, avoid --force unless you intend to replace an existing skill, and install uv through a trusted package manager or verified installer when possible.
Capability Analysis
Type: OpenClaw Skill Name: skill-guard Version: 1.0.2 This skill, 'skill-guard', is designed to enhance security by scanning other OpenClaw skills for vulnerabilities before installation. The `SKILL.md` documentation clearly outlines its purpose and methods, without any prompt injection attempts. The `scripts/safe-install.sh` script uses legitimate tools (`clawhub`, `uvx`, `mcp-scan`) to download skills to a temporary staging area (`/tmp`), scan them, and only install them if no security issues are detected. It does not exhibit any malicious behaviors such as data exfiltration, unauthorized remote control, or persistence mechanisms. While the installation instructions for its `uv` dependency suggest `curl | sh`, this is a common method for that specific tool and is an instruction for the user, not an action performed by the skill's core logic for a malicious payload.
Capability Assessment
Purpose & Capability
The stated purpose is to stage, scan, and then install other skills; using shell commands, temporary staging, external scan tools, and the OpenClaw skills directory is coherent with that purpose.
Instruction Scope
The documented install-anyway and force-overwrite paths affect installed skills, but they appear user-directed rather than hidden or automatic.
Install Mechanism
The skill depends on external CLIs and documents a curl-to-shell uv installer; the reported sourcing of $HOME/.local/bin/env is a hardening concern but not evidence of exfiltration or deception.
Credentials
The described file operations are scoped to /tmp/skill-guard-staging and the OpenClaw skills workspace, with no artifact-backed evidence of broad local indexing, credential harvesting, or unrelated network transfer.
Persistence & Privilege
Installing or overwriting a skill creates normal OpenClaw skill persistence, but no cron, background worker, privilege escalation, or system-level persistence was shown.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skill-guard
  3. After installation, invoke the skill by name or use /skill-guard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Added competitive comparison table. Emphasizes what skill-guard catches that VirusTotal and skillscanner miss: prompt injections, data exfiltration, hidden instructions, AI-specific threats.
v1.0.1
Pre-install security scanning for ClawHub skills
v1.0.0
Initial release: pre-install security scanning for ClawHub skills. Scan before you install — detect prompt injections, malware, secrets, and data exfiltration. Powered by mcp-scan (Invariant/Snyk).
Metadata
Slug skill-guard
Version 1.0.2
License
All-time Installs 458
Active Installs 80
Total Versions 3
Frequently Asked Questions

What is skill-guard?

Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks. It is an AI Agent Skill for Claude Code / OpenClaw, with 13875 downloads so far.

How do I install skill-guard?

Run "/install skill-guard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is skill-guard free?

Yes, skill-guard is completely free (open-source). You can download, install and use it at no cost.

Which platforms does skill-guard support?

skill-guard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created skill-guard?

It is built and maintained by hola (@jamesouttake); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments