← 返回 Skills 市场
13875
总下载
4
收藏
80
当前安装
3
版本数
在 OpenClaw 中安装
/install skill-guard
功能描述
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.
安全使用建议
Install only if you are comfortable letting this skill run shell commands that stage, scan, and install other skills. Review safe-install.sh first, avoid --force unless you intend to replace an existing skill, and install uv through a trusted package manager or verified installer when possible.
功能分析
Type: OpenClaw Skill
Name: skill-guard
Version: 1.0.2
This skill, 'skill-guard', is designed to enhance security by scanning other OpenClaw skills for vulnerabilities before installation. The `SKILL.md` documentation clearly outlines its purpose and methods, without any prompt injection attempts. The `scripts/safe-install.sh` script uses legitimate tools (`clawhub`, `uvx`, `mcp-scan`) to download skills to a temporary staging area (`/tmp`), scan them, and only install them if no security issues are detected. It does not exhibit any malicious behaviors such as data exfiltration, unauthorized remote control, or persistence mechanisms. While the installation instructions for its `uv` dependency suggest `curl | sh`, this is a common method for that specific tool and is an instruction for the user, not an action performed by the skill's core logic for a malicious payload.
能力评估
Purpose & Capability
The stated purpose is to stage, scan, and then install other skills; using shell commands, temporary staging, external scan tools, and the OpenClaw skills directory is coherent with that purpose.
Instruction Scope
The documented install-anyway and force-overwrite paths affect installed skills, but they appear user-directed rather than hidden or automatic.
Install Mechanism
The skill depends on external CLIs and documents a curl-to-shell uv installer; the reported sourcing of $HOME/.local/bin/env is a hardening concern but not evidence of exfiltration or deception.
Credentials
The described file operations are scoped to /tmp/skill-guard-staging and the OpenClaw skills workspace, with no artifact-backed evidence of broad local indexing, credential harvesting, or unrelated network transfer.
Persistence & Privilege
Installing or overwriting a skill creates normal OpenClaw skill persistence, but no cron, background worker, privilege escalation, or system-level persistence was shown.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-guard - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-guard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Added competitive comparison table. Emphasizes what skill-guard catches that VirusTotal and skillscanner miss: prompt injections, data exfiltration, hidden instructions, AI-specific threats.
v1.0.1
Pre-install security scanning for ClawHub skills
v1.0.0
Initial release: pre-install security scanning for ClawHub skills. Scan before you install — detect prompt injections, malware, secrets, and data exfiltration. Powered by mcp-scan (Invariant/Snyk).
元数据
常见问题
skill-guard 是什么?
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 13875 次。
如何安装 skill-guard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-guard」即可一键安装,无需额外配置。
skill-guard 是免费的吗?
是的,skill-guard 完全免费(开源免费),可自由下载、安装和使用。
skill-guard 支持哪些平台?
skill-guard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 skill-guard?
由 hola(@jamesouttake)开发并维护,当前版本 v1.0.2。
推荐 Skills