Total downloads: 234
Favorites: 1
Current installs: 0
Versions: 3
Install in OpenClaw
/install safe-guard
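Description
Security protection tool for Claude Code / OpenClaw Skills. Three core capabilities: (1) an always-active PreToolUse Hook that intercepts high-risk operations; (2) deep scanning that combines static regex matching with LLM semantic auditing; (3) running scripts in an isolated sandbox environment and monitoring their behavior. Supports scan-only, safe-run, sandbox-test...
Safe usage recommendations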
This skill appears to implement what it claims (static scanner, LLM checklist, sandbox, and a PreToolUse hook), but there are red flags that justify extra caution:
- Keyword segmentation and many `# noscan` markers: the code fragments keywords (e.g., '.a'+'ws', 'bash'+'rc') to avoid static detection. While the author may claim this prevents false positives, the same technique is commonly used by malware to evade scanners. Ask the author to justify why segmentation is needed and request a version without obfuscation for review.
- PreToolUse hook is high-impact: installing the skill will register a hook that runs on tool calls and can block them. Only enable this in environments where you can tolerate a gatekeeper script; prefer scan-only or sandbox-test modes first.
- Review permissions and local settings: inspect .claude/settings.local.json and hooks/hooks.json to ensure no platform-level permission escalations or overly permissive allowed commands are being granted implicitly.
- Run tests in an isolated environment: before enabling the hook in your main agent, run the skill on non-sensitive sample skills in a disposable VM or container to observe behavior. Use the sandbox-run and quick-scan locally and verify outputs.
- Validate source provenance: the package has no homepage and an unknown owner. Prefer code from auditable, known sources or ask the publisher for a transparency statement and reproducible build steps.
If you need a short checklist to proceed safely: (1) ask the author why obfuscation is used; (2) run quick_scan.py and sandbox_run.py locally on a copied sample; (3) do not enable hooks in production until reviewed; (4) consider limiting the hook to 'scan-only' or requiring explicit user confirmation before allowing the hook to persist.
Functional analysis
Type: OpenClaw Skill
Name: safe-guard
Version: 1.0.2
The 'safe-guard' skill bundle is a comprehensive security utility designed to audit and protect OpenClaw and Claude Code environments. It implements a multi-layered defense strategy including a PreToolUse hook (hooks/danger_guard.py) for real-time interception of dangerous shell commands and file writes, a static analysis engine (scripts/quick_scan.py) with 38+ detection rules, and a behavioral sandbox (scripts/sandbox_run.py) for isolated script testing. While the tool utilizes string segmentation to avoid antivirus false positives and requests broad execution permissions in .claude/settings.local.json, these behaviors are well-documented and strictly aligned with its stated purpose of identifying and mitigating malicious skill behavior.
Capability assessment
Purpose & Capability
Name/description claim a scanning + sandbox + hook product, and the repository contains matching components (quick_scan.py, sandbox_run.py, danger_guard.py, hooks.json, checklist/known threats). The files and declared capabilities are largely coherent with the stated purpose. However, the code contains deliberate keyword segmentation and many `# noscan` markers (see quick_scan.py, danger_guard.py, sandbox_run.py) — an uncommon pattern for normal tools because it looks like evasion of static detectors. That choice is explainable (to avoid false positives), but it is unusual and should be justified by the author.
Instruction Scope
SKILL.md prescribes scanning by reading every file under the target skill directory, optionally cloning remote repos into a temp dir, running static regex scanner and an optional sandbox run. That scope is consistent with a deep audit tool. Note: reading 'every file' and running scripts in a sandbox implies the tool will access potentially sensitive files contained in scanned repos (e.g., .env, keys if mistakenly committed) — expected for an auditor but a privacy consideration.
Install Mechanism
No external install/download steps are required; this is instruction+code in the skill bundle (no remote fetch or installer). The tool runs local Python scripts and a hook command via hooks.json. No high-risk download URLs or package installs were found.
Credentials
The skill does not request external credentials or environment variables. It performs file reads within target skill directories and may clone remote repos into a temporary directory for scanning; the sandbox uses Path.home() to construct deny-lists. That's proportionate for an auditor, but it means the tool will (by design) examine files that can contain secrets. Also review .claude/settings.local.json included in the package — it lists many permissive Bash invocation patterns which could influence what gets executed when the skill is loaded; understand platform permission semantics before enabling.
Persistence & Privilege
The skill ships a PreToolUse hook (hooks/hooks.json) that will be registered by the platform and run automatically to intercept tool calls (Bash, Edit/Write matchers). That hook can block tool operations (exits with nonzero) and persists session state in a temp directory. This behavior is consistent with the claimed 'always-active interception' feature, but it is a high-impact capability: a malicious or buggy hook could block or tamper with other agent actions. The skill's registry metadata does not set platform-level 'always: true', but the hook registration itself grants it an always-running interception role when installed.
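How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: `/install safe-guard`
- Once installation completes, call the Skill by name or use `/safe-guard` to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history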
v1.0.2
- Added local settings file support: `.claude/settings.local.json` is now included for environment or configuration customization.
- No other changes to core functionality or audit logic.
v1.0.1
No functional or documentation changes in this version.
- Version bumped to 1.0.1 with no file or content changes detected.
- No modifications to code, configuration, or documentation files.
- Behavior and skill description remain identical to previous release.
v1.0.0
Skill Guard initial release — comprehensive security auditing and protection for Claude Code/OpenClaw skills.
- Provides three layers: static pattern scan, sandbox behavioral isolation, and LLM-powered audit for thorough security checks.
- Offers always-active PreToolUse hooks to block dangerous operations like rm -rf / and reverse shells before execution.
- Supports multiple modes: scan-only, safe-run, sandbox-test, and hook-status for flexible usage.
- Scans local or remote skills (including GitHub/ClawHub URLs) and verifies all files for completeness.
- Outputs clear, structured reports in English or Chinese, summarizing findings across static, sandbox, and semantic audits.
- Automatically locates target skills across Claude Code, OpenClaw, and project/user-specified paths.
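Metadata
FAQ
What is safe-guard?
Security protection tool for Claude Code / OpenClaw Skills. Three core capabilities: (1) an always-active PreToolUse Hook that intercepts high-risk operations; (2) deep scanning that combines static regex matching with LLM semantic auditing; (3) running scripts in an isolated sandbox environment and monitoring their behavior. Supports scan-only, safe-run, sandbox-test... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 234 cumulative downloads so far.
How do I install safe-guard?
Run the command "/install safe-guard" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is safe-guard free?
Yes, safe-guard is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does safe-guard support?
safe-guard is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed safe-guard?
Developed and maintained by Igloos (@igloomatics); the current version is v1.0.2.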