
SkillGuard Hardened

by 2404589803 · GitHub ↗ · v1.0.5 · MIT-0
cross-platform ✓ Security Clean
299 downloads · 0 stars · 1 active install · 6 versions

Install in OpenClaw: /install skillguard-hardened
Description
Security guard for OpenClaw skills, developed and maintained by rose北港(小红帽 / 猫猫帽帽). Audits installed or incoming skills with local rules plus Zenmux AI inten...
Usage Guidance
SkillGuard is broadly coherent: it legitimately needs python3 and an AI key, and the code implements scanning, AI-based intent checks, reporting, and quarantining. Before installing:
  1. Verify the Zenmux provider and limit the privileges of the ZENMUX_API_KEY (use a scoped key if possible).
  2. Inspect guarded_flow.py and manage_skill.py to confirm they enforce the --force/--yes delete confirmations and do not blindly execute remote content fetched via npx/curl/wget.
  3. Validate the remote-update hosts (moltbook.com and fluxapay.xyz); confirm they are official/trusted sources for policy/manifest updates, or remove/unconfigure remote updates.
  4. Confirm the configured allowed_roots/quarantine/report directories map to a workspace you control (avoid unexpected absolute paths like /root/clawd unless that is intended).
  5. Run the skill in an isolated test environment first and review logs/reports to ensure remediation actions behave as described.
If you are concerned about autonomous invocation, do not grant the agent permission to call this skill automatically until you have tested it.
Capability Analysis
Type: OpenClaw Skill
Name: skillguard-hardened
Version: 1.0.5
SkillGuard is a comprehensive security auditing and remediation framework for OpenClaw skills. It implements static analysis (lib/analyzers.py), AI-driven intent auditing (lib/ai_audit.py), and controlled remediation actions like quarantine and deletion (lib/remediation.py). The code includes robust safety features, such as path-traversal protection via _assert_safe_target, domain whitelisting for remote updates (moltbook.com, fluxapay.xyz), and mandatory manual flags (--force --yes) for destructive operations. The high-privilege capabilities (file deletion and command execution) are strictly aligned with its stated purpose as a security tool.
Capability Assessment
Purpose & Capability
Name/description claim a skill-auditor and the package contains static analysis, AI-audit, reporting, and remediation code that matches that purpose. Requiring python3 and a Zenmux API key is coherent. Minor oddities: SKILL.md mentions remote updates from moltbook.com and fluxapay.xyz (fluxapay.xyz is an unexpected host for a guard tool) and the human-readable SKILL.md documents an absolute default report path (/root/clawd/...) that doesn't match the policy placeholders used by the code (which render paths from the workspace). These should be verified but do not by themselves contradict the stated purpose.
Instruction Scope
SKILL.md and the scripts direct the agent to scan skill directories, run guarded execution wrappers, and perform quarantine/restore/delete actions — all within the declared purpose. The instructions include commands that fetch or install skills (npx-add, moltbook-install) and a guarded exec wrapper that will invoke untrusted code via subprocess; this is expected for an install-gate but expands the skill's runtime surface (network fetch + executing wrapped binaries). Confirm the guarded execution flow does not blindly execute remote content without verification.
Install Mechanism
There is no external install spec (instruction-only install behavior); the package contains Python scripts and no download/install step is required by the skill itself. This is the lower-risk model for a code-included skill.
Credentials
Only ZENMUX_API_KEY (and optional model override envs) are required for AI auditing. The code reads a few alternate env var names as fallbacks and optional model/base-url overrides. That level of credential access is proportional to an AI-backed auditing tool; there are no unrelated cloud credentials requested.
Persistence & Privilege
The skill modifies filesystem state (move to quarantine, delete with shutil.rmtree, write reports/audit logs). Those privileges are necessary for remediation but are high-impact. The policy enforces allowed roots and the code asserts operations stay within those allowed roots, which mitigates risk — still, deletion is possible and must be guarded by the operator flags described in SKILL.md.
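The containment check described above (operations must stay inside the policy's allowed roots) is the control that keeps quarantine/delete from reaching outside the workspace. The following is an added illustration written for this page, not the project's own _assert_safe_target, whose code is not shown here; the function and exception names, and the constructed paths, are assumptions. It resolves symlinks before comparing, refuses the root itself as a target, and includes a constructed symlink-escape fixture.

```python
import tempfile
from pathlib import Path


class UnsafeTargetError(ValueError):
    """Raised when a remediation target falls outside every allowed root."""


def assert_safe_target(target, allowed_roots) -> Path:
    """Resolve `target` (following symlinks and '..') and require it to sit
    strictly inside one of `allowed_roots`. Returns the resolved path.

    Comparing resolved paths, not the user-supplied string, is what defeats
    both lexical '..' traversal and a skill directory that is really a symlink.
    """
    resolved = Path(target).resolve(strict=False)
    for root in allowed_roots:
        root_resolved = Path(root).resolve(strict=False)
        if resolved == root_resolved:
            # Deleting or moving an allowed root would wipe every skill in it.
            raise UnsafeTargetError(f"{target} is an allowed root, not a skill directory")
        try:
            resolved.relative_to(root_resolved)  # raises ValueError if not inside
            return resolved
        except ValueError:
            continue
    raise UnsafeTargetError(f"{target} resolves to {resolved}, outside allowed roots")


def is_safe_target(target, allowed_roots) -> bool:
    """Boolean form of the check, convenient for policy evaluation and tests."""
    try:
        assert_safe_target(target, allowed_roots)
        return True
    except UnsafeTargetError:
        return False


def symlink_escape_rejected() -> bool:
    """Constructed fixture: <root>/evil is a symlink to a directory outside the
    root. Its lexical path looks safe, but the resolved path is not, so a
    resolve-before-compare check must reject it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "skills"
        outside = Path(tmp) / "outside"
        root.mkdir()
        outside.mkdir()
        (root / "evil").symlink_to(outside, target_is_directory=True)
        return not is_safe_target(root / "evil", [root])
```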
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install skillguard-hardened
  3. After installation, invoke the skill by name or use /skillguard-hardened
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.5
- Switch ZenMux AI auditing from Anthropic-compatible messages to ZenMux OpenAI-compatible chat completions, default model openai/gpt-5.4, and refresh skill metadata wording.
v1.0.4
- Added auto-remediation support to scan command (`--auto-remediate quarantine|delete`) for bulk quarantine or deletion of risky skills.
- Introduced "clean" and "disinfect" commands in manage_skill.py to automatically quarantine or delete a skill based on a scan result.
- Extended documentation with new usage examples for auto-remediation, clean, and disinfect flows.
- Default remediation now only targets skills marked as BLOCK or QUARANTINE, and still requires explicit confirmation for deletion.
v1.0.3
- Updated version number to 1.0.3.
- No functional or documentation changes detected aside from version increment.
v1.0.2
**Summary:** Malicious test fixtures have been removed from the distribution for increased security and package hygiene.
- Removed all included malicious skill test fixtures from the package.
- Updated documentation to clarify security capabilities and explain the removal of test fixtures.
- No functional changes to core scanning or guarded execution logic.
- Safer distribution, with test artifacts now generated dynamically at test time only.
v1.0.1
- Added full English/Chinese (bilingual) documentation for all features, usage, and safety model.
- Improved readability by dividing sections into concise English headlines with corresponding Chinese explanations in parentheses.
- No functional or command changes; documentation only.
v1.0.0
Initial release of skillguard-hardened.
- Provides security auditing for OpenClaw skills using local rules and DeepSeek intent review.
- Supports scan, install check, update check, and execution check with structured JSON reporting.
- Includes quarantine, restore, and explicit delete management commands.
- Integrates with agent workflows via guarded installation and update flows.
- DeepSeek API key required for semantic audits; falls back to local rules if unset.
- Default actions are PASS, WARN, BLOCK, or QUARANTINE; delete requires explicit confirmation.
Metadata
Slug skillguard-hardened
Version 1.0.5
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 6
Frequently Asked Questions

What is SkillGuard Hardened?

Security guard for OpenClaw skills, developed and maintained by rose北港(小红帽 / 猫猫帽帽). Audits installed or incoming skills with local rules plus Zenmux AI inten... It is an AI Agent Skill for Claude Code / OpenClaw, with 299 downloads so far.

How do I install SkillGuard Hardened?

Run "/install skillguard-hardened" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is SkillGuard Hardened free?

Yes, SkillGuard Hardened is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does SkillGuard Hardened support?

SkillGuard Hardened is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created SkillGuard Hardened?

It is built and maintained by 2404589803 (@2404589803); the current version is v1.0.5.
