← 返回 Skills 市场
235
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install clawskillguard
功能描述
Security scanner for OpenClaw skills. Scans SKILL.md files and scripts for prompt injection, data exfiltration, malicious patterns, and unauthorized network...
使用说明 (SKILL.md)
ClawSkillGuard — OpenClaw Skill Security Scanner
Overview
ClawGuard scans OpenClaw skills for security risks before you install or run them. It analyzes SKILL.md files, scripts, and supporting files for malicious patterns, data exfiltration, prompt injection, and other threats.
100% local. Zero network calls. Your skills never leave your machine.
When to Use
- Before installing a skill from ClawHub or any external source
- Auditing skills already installed on your system
- When a user asks "is this skill safe?" or "check this skill for malware"
- Periodic security audits of your skill directory
Scan Workflow
1) Locate the Skill
Ask the user for the skill path, or scan common locations:
~/.openclaw/skills/\x3Cname>/(ClawHub installs)~/.openclaw/workspace/skills/\x3Cname>/(workspace skills)- Any path the user specifies
If no path given, offer to scan all installed skills.
2) Run the Scanner
python3 \x3Cskill_directory>/scripts/scan.py \x3Cpath_to_skill> [--format text|json] [--severity low|medium|high|critical]
The scanner checks:
- SKILL.md — prompt injection, hidden instructions, data exfil prompts
- Scripts — shell commands, network calls, credential access, file system manipulation
- Dependencies — suspicious imports, external package installs
- File patterns — obfuscation, encoded payloads, steganography
3) Present Results
Format findings clearly:
- 🔴 CRITICAL — Do not install. Active threat detected.
- 🟠 HIGH — Suspicious. Review before installing.
- 🟡 MEDIUM — Caution. Unusual patterns found.
- 🟢 LOW — Minor concerns. Generally safe.
- ✅ CLEAN — No threats detected.
For each finding, include:
- File and line number
- Pattern matched
- Why it's risky
- Suggested action
4) Recommendation
Give a clear verdict:
- ✅ SAFE TO INSTALL — No significant risks found
- ⚠️ REVIEW NEEDED — Some concerns, read the flagged sections
- ❌ DO NOT INSTALL — Critical threats detected
Severity Levels
| Level | Description | Examples |
|---|---|---|
| 🔴 CRITICAL | Active malicious behavior | Data exfil, credential theft, destructive commands |
| 🟠 HIGH | Likely malicious intent | Hidden instructions, obfuscated code, unauthorized network calls |
| 🟡 MEDIUM | Suspicious but possibly benign | Unusual file access, broad permissions, external downloads |
| 🟢 LOW | Minor concerns | Verbose logging, debug mode, minor policy violations |
Detection Patterns
Prompt Injection (SKILL.md)
- Hidden markdown (white text, zero-width chars)
- Instructions to ignore system prompts
- Attempts to override SOUL.md or AGENTS.md
- Data exfiltration prompts ("send contents of...", "report to external URL")
Malicious Scripts
- Credential harvesting (reading .env, .ssh, tokens)
- Reverse shells or bind shells
- Cryptocurrency miners
- Destructive commands (rm -rf, format, dd)
- Obfuscated/encoded payloads (base64, eval, exec)
- Unauthorized outbound connections
- Privilege escalation attempts
Supply Chain
- pip/npm/curl installs from untrusted sources
- Downloading and executing remote scripts
- Modifying files outside skill directory
- Cron job manipulation
- PATH hijacking
Example Usage
User: "Is this skill safe to install?"
Agent: Runs ClawGuard scan → presents findings → gives verdict
User: "Scan all my installed skills"
Agent: Scans ~/.openclaw/skills/*/ → consolidated security report
Important Notes
- This scanner uses pattern matching, not formal verification. Clever adversaries can evade detection.
- Always review HIGH and CRITICAL findings manually.
- A "CLEAN" result means no known patterns matched — not a guarantee of safety.
- When in doubt, read the skill's source code yourself.
安全使用建议
This skill appears to implement a local-only scanner and is internally consistent with its purpose. Before running: (1) manually inspect scan.py if you want to be extra cautious (it contains many base64-encoded regexes used to detect malicious patterns); (2) note the small README vs. file-location mismatch (SKILL.md references scripts/scan.py while the file is at the root) — adjust the command accordingly; (3) run the scanner on a copy or in an isolated environment if you're scanning untrusted skills for the first time; (4) remember the scanner uses pattern matching and can miss clever evasions — always review HIGH/CRITICAL flags manually. Overall, no disproportionate requests or network/persistence behavior were found.
功能分析
Type: OpenClaw Skill
Name: clawskillguard
Version: 1.0.2
The clawskillguard skill is a legitimate security utility designed to perform static analysis on other OpenClaw skills. The scan.py script uses regex patterns to detect common indicators of prompt injection, data exfiltration, and malicious code; these patterns are base64-encoded within the script specifically to prevent the scanner from flagging its own detection strings. The SKILL.md instructions correctly guide the AI agent to perform local security audits without any evidence of hidden malicious intent, unauthorized network activity, or data exfiltration.
能力评估
Purpose & Capability
Name and description match the included SKILL.md and scan.py: both describe a local scanner for OpenClaw skills. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to ask for a skill path (or scan installed skills) and run the included Python scanner — this stays within the stated purpose. Minor inconsistency: the README shows running scripts/scan.py but the provided file is at the repository root (scan.py). Nothing in the instructions directs the agent to read unrelated system files or transmit data externally.
Install Mechanism
No install spec is provided (instruction-only plus a single Python script). This is low-risk: nothing will be downloaded or written to disk by an installer step beyond the existing files.
Credentials
The skill requires no environment variables or credentials. It reads (with user approval) skill files under the user's skill directories, which is expected for a scanner. Requested file access is proportional to its purpose.
Persistence & Privilege
The skill does not request always-on presence and does not attempt to modify other skills or system-wide agent settings. The default autonomy setting is present but not combined with any concerning privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install clawskillguard - 安装完成后,直接呼叫该 Skill 的名称或使用
/clawskillguard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Fixed: broken regex patterns (PowerShell wildcard match, missing parens), self-exclusion to avoid false positives, narrower disk-format detection. All patterns base64-encoded.
v1.0.1
Fixed: patterns now stored as base64 to prevent false-positive self-detection by security scanners. No functional changes.
v1.0.0
Initial release: SKILL.md prompt injection detection, script malware scanning, suspicious import analysis
元数据
常见问题
ClawSkillGuard 是什么?
Security scanner for OpenClaw skills. Scans SKILL.md files and scripts for prompt injection, data exfiltration, malicious patterns, and unauthorized network... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 235 次。
如何安装 ClawSkillGuard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawskillguard」即可一键安装,无需额外配置。
ClawSkillGuard 是免费的吗?
是的,ClawSkillGuard 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
ClawSkillGuard 支持哪些平台?
ClawSkillGuard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ClawSkillGuard?
由 xeonai44(@xeonai44)开发并维护,当前版本 v1.0.2。
推荐 Skills