← 返回 Skills 市场
SkillGuard by Farnwick
作者
FarnwickArglefax
· GitHub ↗
· v1.0.0
589
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install farnwick-skillguard
功能描述
AI-powered security scanner for OpenClaw skills. Scans skill files for credential theft, data exfiltration, reverse shells, obfuscation, and other threats be...
使用说明 (SKILL.md)
SkillGuard 🛡️
AI-powered security scanner for OpenClaw skills. Analyzes skill code for malicious behaviour before you install it.
Commands
Scan before install (recommended)
skillguard install \x3Cskill-name>
Downloads the skill to a temp directory, runs AI security analysis, shows verdict, then asks for confirmation before installing via clawhub.
Example:
skillguard install my-new-skill
Audit installed skills
skillguard audit
Scans all skills in /usr/lib/node_modules/openclaw/skills/, ~/.openclaw/workspace/skills/, and ~/.openclaw/skills/. Prints a table summary with details on any flagged skills.
Scan a local path
skillguard scan \x3Cpath>
Scan any local skill directory without installing. Useful for reviewing skills you've already downloaded or developed locally.
Example:
skillguard scan ./my-skill-folder
skillguard scan /usr/lib/node_modules/openclaw/skills/some-skill
Risk Levels
| Level | Meaning |
|---|---|
| ✅ CLEAN | No security issues detected |
| 🟡 LOW | Minor concerns, generally safe |
| ⚠️ MEDIUM | Review recommended before installing |
| 🚨 HIGH | Dangerous — do not install without careful manual review |
What Gets Checked
- Credential theft: Reads to
~/.ssh/,~/.openclaw/, API keys,.envfiles - Data exfiltration: curl/wget/fetch POSTing data to external servers
- Reverse shells: netcat, bash TCP redirects, socat to external IPs
- Privilege escalation: sudo abuse, setuid bits, writing to
/etc/ - Persistence: cron installs, systemd units,
.bashrcmodifications - Obfuscation: base64-piped-to-bash, eval with dynamic content
- Package smuggling: undisclosed npm/pip installs
- Reconnaissance: network scanning, system info harvesting
Usage by the AI Agent
When the user asks to install a skill, use skillguard first:
python3 /root/.openclaw/workspace/skills/skillguard/skillguard.py install \x3Cskill-name>
When the user asks to check their installed skills for security issues:
python3 /root/.openclaw/workspace/skills/skillguard/skillguard.py audit
When the user asks to check a specific local skill directory:
python3 /root/.openclaw/workspace/skills/skillguard/skillguard.py scan /path/to/skill
Output Examples
Clean skill:
✅ SkillGuard: good-skill — Clean. Installing...
Flagged skill:
🚨 SkillGuard: bad-skill — Risk: HIGH
Reads /root/.openclaw/*.json and POSTs to external IP.
[HIGH] Data Exfiltration: curl POST of ~/.openclaw/openclaw.json to 45.33.32.156 [scripts/init.sh:14-22]
[MEDIUM] Credential Theft: Reads ~/.ssh/id_rsa without disclosure [scripts/setup.sh:8]
Install bad-skill anyway? (type YES to confirm)
Requirements
- Python 3.6+
- An Anthropic, OpenRouter, or DeepSeek API key configured in OpenClaw
clawhubCLI (forinstallcommand only)
Notes
- Binary files are automatically skipped
- Files larger than 100KB are truncated before analysis
- Analysis uses Claude Opus (or best available model) for maximum accuracy
- The scan itself is safe — skills are text files, not executed during scanning
安全使用建议
This skill appears to do what it claims: it collects skill files and sends them to your configured LLM backend for analysis and can scan installed skill directories. Before installing or running: 1) Verify you trust the LLM provider(s) configured in OpenClaw, because scanned files (which might include secrets or credentials in SKILL.md or scripts) will be transmitted to those services. 2) Confirm you are comfortable SkillGuard reading the OpenClaw auth-profiles file (~/.openclaw/agents/main/agent/auth-profiles.json) to retrieve API tokens. 3) Note the registry metadata does not declare a primary credential even though the tool needs an LLM key in OpenClaw — consider this a minor mismatch. 4) Optionally review skillguard.py yourself (it is included) to confirm it does not exfiltrate scans to any endpoint other than the configured LLMs or call unexpected external servers. If you accept those behaviors, SkillGuard is reasonable to use.
功能分析
Type: OpenClaw Skill
Name: farnwick-skillguard
Version: 1.0.0
The OpenClaw SkillGuard skill is designed to be a security scanner, and its code and documentation align perfectly with this stated purpose. It legitimately accesses OpenClaw's own authentication profiles to retrieve API keys for its LLM analysis, uses `clawhub` for skill management, and sends collected skill file contents to an LLM for security analysis. There is no evidence of intentional malicious behavior, data exfiltration, unauthorized execution, or prompt injection attempts within SkillGuard's own code or instructions.
能力评估
Purpose & Capability
Name/description match behavior: the tool collects skill files, analyzes them with an LLM, reports risk, and optionally runs clawhub to install. Required binary (python3) and scan targets (/usr/lib..., ~/.openclaw/...) align with the stated purpose.
Instruction Scope
SKILL.md and code instruct scanning installed skills and local paths and explicitly run python3 skillguard.py install/audit/scan. The scanner sends collected file contents to external LLM providers (Anthropic/OpenRouter/DeepSeek) or uses the local openclaw agent — this is necessary for its analysis but means skill files (which can contain secrets) are transmitted to configured LLM backends; the SKILL.md documents this.
Install Mechanism
No install spec; code is included and runs locally. No remote downloads or archive extraction are performed by the skill itself, lowering install risk.
Credentials
The skill reads OpenClaw auth profiles (~/.openclaw/agents/main/agent/auth-profiles.json) to obtain LLM API keys and may invoke openclaw CLI. SKILL.md documents the need for an LLM API key in OpenClaw, but registry metadata does not declare a primary credential or required env vars — a small metadata mismatch worth noting.
Persistence & Privilege
always:false and it does not request permanent presence or modify other skills. It invokes subprocesses and may call openclaw agent --local to obtain LLM responses; this is appropriate for its function.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install farnwick-skillguard - 安装完成后,直接呼叫该 Skill 的名称或使用
/farnwick-skillguard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of SkillGuard, an AI-powered security scanner for OpenClaw skills.
- Scans skill files for threats like credential theft, data exfiltration, reverse shells, obfuscation, and more before installation.
- Provides commands to scan before install, audit all installed skills, or scan a local path.
- Categorizes risks as CLEAN, LOW, MEDIUM, or HIGH, with clear summaries and details for flagged skills.
- Skips binary files and safely analyzes text up to 100KB per file.
- Requires Python 3.6+ and a valid AI API key.
元数据
常见问题
SkillGuard by Farnwick 是什么?
AI-powered security scanner for OpenClaw skills. Scans skill files for credential theft, data exfiltration, reverse shells, obfuscation, and other threats be... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 589 次。
如何安装 SkillGuard by Farnwick?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install farnwick-skillguard」即可一键安装,无需额外配置。
SkillGuard by Farnwick 是免费的吗?
是的,SkillGuard by Farnwick 完全免费(开源免费),可自由下载、安装和使用。
SkillGuard by Farnwick 支持哪些平台?
SkillGuard by Farnwick 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 SkillGuard by Farnwick?
由 FarnwickArglefax(@farnwickarglefax)开发并维护,当前版本 v1.0.0。
推荐 Skills