Skillguard

Author: mirni · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 88
Favorites: 0
Current installs: 0
Versions: 3
Install in OpenClaw
/install gh-skillguard
Description
Run a complete security audit on any OpenClaw SKILL.md in one call. Combines malware scanning (SkillScan), permission scope analysis (ScopeCheck), and prompt...
Usage (SKILL.md)

SkillGuard

Full security audit of a SKILL.md — three checks, one call.

Start the server

uvicorn skillguard.app:app --port 8005

Audit a skill

curl -s -X POST http://localhost:8005/v1/audit-skill \
  -H "Content-Type: application/json" \
  -d "{\"skill_content\": $(jq -Rs . path/to/SKILL.md)}" | jq

Returns verdict (SAFE/CAUTION/DANGEROUS), total_findings, and three sub-reports:

  • scan — malware detection (safety_score, findings, verdict)
  • scope — permission analysis (declared vs detected, undeclared_access)
  • injection — prompt injection (risk_score, patterns_detected)

Why use SkillGuard instead of individual tools?

One call instead of three. Same price. Combined verdict logic: if the malware scan finds anything, it's DANGEROUS. If only scope or injection issues, it's CAUTION. Clean skill = SAFE.

Security recommendations
This skill appears to do what it says: start a local server and analyze SKILL.md content. The main concerns are (1) the bundle does not include the 'products.skillscan', 'products.scopecheck', and 'products.promptguard' modules that the code imports — you need to verify where those come from and what they do at runtime, and (2) the registry-level install spec is incomplete compared to the SKILL.md metadata, so confirm the actual install steps. Before installing or running this on sensitive machines: review the implementations (or platform-provided sources) of the three product modules to ensure they do not send submitted SKILL.md content to external services or log it to remote endpoints, and ensure the pip install list is explicit and comes from trusted package sources. If you cannot inspect or verify those modules, treat the skill as untrusted and run it only in an isolated environment.
Functional analysis
Type: OpenClaw Skill
Name: gh-skillguard
Version: 1.0.0
The gh-skillguard skill is a security auditing tool designed to analyze OpenClaw SKILL.md files for malware, permission scope discrepancies, and prompt injection risks. The provided code in skillguard/app.py and skillguard/models.py implements a standard FastAPI service that orchestrates these checks and returns a unified safety verdict. There are no indicators of malicious intent, data exfiltration, or unauthorized execution; the logic is consistent with its stated purpose as a defensive utility.
Capability assessment
Purpose & Capability
Name/description match the code: the service runs three checks (SkillScan, ScopeCheck, PromptGuard) and returns a unified verdict. It only requires Python and common web-framework packages, which is proportionate for a local audit server.
Instruction Scope
SKILL.md instructs running a local uvicorn server and POSTing SKILL.md content; there are no instructions to read arbitrary host files or request unrelated credentials. The example uses 'cat path/to/SKILL.md' which is user-driven and not automatic.
Install Mechanism
Registry install metadata lists a generic 'uv' entry, while the SKILL.md metadata specifies pip packages (fastapi, uvicorn, pydantic, pyyaml). The package files in the bundle do not include the dependent 'products.*' modules the code imports, so the runtime will rely on platform-provided modules or additional installs. That mismatch is a risk: it is unclear what additional code will be present at runtime and whether it will be pulled from remote sources.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The code does not itself read environment variables or secrets.
Persistence & Privilege
always is false, the skill does not request permanent inclusion or system-wide configuration changes, and there are no instructions to modify other skills or agent settings.
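How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install gh-skillguard
  3. Once installed, invoke the skill by name or trigger it with /gh-skillguard
  4. Provide the required inputs according to the skill's parameter description to get structured output
Version history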
v1.0.0
Initial public release of gh-skillguard with streamlined documentation and improved metadata.
- Clarified and shortened the SKILL.md description for easier understanding
- Updated metadata with emoji, improved install section, and structured requirements
- Simplified usage instructions and included direct example for curl with jq
- Clearly explained the unified reporting and combined verdict logic
- Removed redundant/verbose request and response tables for readability
v0.1.1
- Added OpenClaw metadata specifying required binaries and install steps.
- Updated installation instructions to include pydantic, matching the new dependency list.
- Revised server startup and usage examples for clarity.
- Clarified the difference between installation and usage sections.
v0.1.0
Initial release combining three security checks into one API:
- Unified security audit for SKILL.md files with SkillScan, ScopeCheck, and PromptGuard in a single API call
- Returns a structured, unified JSON report covering risky code, undeclared permissions, and prompt injection risks
- Supports both hosted API and standalone FastAPI deployment
- Simple request/response schema for easy integration
Metadata
Slug: gh-skillguard
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 3
FAQ

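What is Skillguard?

Run a complete security audit on any OpenClaw SKILL.md in one call. Combines malware scanning (SkillScan), permission scope analysis (ScopeCheck), and prompt... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 88 total downloads to date.

How do I install Skillguard?

Run the command "/install gh-skillguard" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.

Is Skillguard free?

Yes. Skillguard is completely free and is released under the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does Skillguard support?

Skillguard is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops Skillguard?

It is developed and maintained by mirni (@mirni); the current version is v1.0.0.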
