0xmerkle

SkillGuard

Author: Merk · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 382
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw:
/install skill-guard-actor
Description
Scan ClawHub skills for prompt injection and malicious content using Lakera Guard before installing them. Run automatically when the user asks to install a s...
Safe-usage recommendations
SkillGuard's purpose and requested credentials make sense for running an Apify-based scan, but there are several things to check before installing:
- Verify the Apify actor and owner: inspect the Apify actor (numerous_hierarchy/skill-guard-actor, ID TMjFBNFqIIUfCBf6K) on console.apify.com to review what that actor actually does and confirm you trust its owner.
- Confirm webhook security: the skill requires your OpenClaw webhook URL and token. Ensure that endpoint is reachable only by trusted services and that the token is stored and transmitted securely.
- Review the automatic file-write behavior: the skill intends to append an install policy to a TOOLS.md file on first install. Decide whether you want a skill to modify workspace files automatically; ask the author for a prompt/consent step, or change the behavior to require your explicit approval.
- Fix the documentation inconsistencies: the SKILL.md references different paths for TOOLS.md, and the script requires external tools (curl, jq, base64) that are not declared in the metadata. Ensure those binaries exist and confirm where files will be written.
- Least privilege: create tokens with limited scope (where possible) rather than reusing full-power tokens.
If you want to proceed: manually inspect the included scripts and the Apify actor's code and run logs, and consider running the script in a sandboxed environment first. If you are uncomfortable with automatic modifications to your workspace, ask the author to remove the TOOLS.md append or make it opt-in.
Functional analysis
Type: OpenClaw Skill
Name: skill-guard-actor
Version: 1.0.0
The skill is designed to enhance security by scanning other skills for malicious content. However, it exhibits a high-risk behavior by instructing the OpenClaw agent to execute a direct shell command (`cat >> ~/.openclaw/workspace/TOOLS.md`) to modify a local file (`TOOLS.md`) during installation. While the content written is a benign security policy, this demonstrates the agent's capability to execute arbitrary shell commands and modify files based on markdown instructions from a skill, which represents a significant vulnerability surface (e.g., RCE, arbitrary file write) if a malicious skill were to exploit this mechanism. This capability, even when used for a benign purpose, elevates the classification to suspicious.
Capability assessment
Purpose & Capability
SkillGuard claims to scan ClawHub skills using an Apify actor and Lakera Guard; the required environment variables (APIFY_TOKEN, LAKERA_API_KEY, OPENCLAW_WEBHOOK_URL, OPENCLAW_HOOKS_TOKEN) are appropriate and expected for that purpose. Requesting an Apify token as the primary credential is coherent with invoking an Apify actor.
Instruction Scope
The SKILL.md and included script instruct the agent to trigger an Apify actor and receive results via an ad-hoc webhook — that is within scope. However: (1) the skill instructs an automatic 'On First Install' append of a policy to a TOOLS.md file in the workspace (modifies user files outside the skill directory); (2) there are inconsistent path references for that file ({baseDir}/../../TOOLS.md vs ~/.openclaw/workspace/TOOLS.md), which is ambiguous and risky; (3) the bundled script requires tools (curl, jq, base64/openssl, bash features) but the skill metadata declares no required binaries, an inconsistency that may cause runtime failures or hidden assumptions. The automatic, pre-response file modification is the main scope creep to review.
Install Mechanism
No external downloads or package installs are performed by the skill itself — it's instruction-only with one included script. The script simply calls Apify's API; there is no high-risk install mechanism (no remote archive downloads or execution of fetched code).
Credentials
All four environment variables requested are relevant to the described workflow (Apify runs + webhook callback + Lakera). They are sensitive (tokens), so ensure they are stored securely. It's appropriate that APIFY_TOKEN is primary. No unrelated credentials are requested.
Persistence & Privilege
The skill requests an automatic write to a workspace-level TOOLS.md on first install (the SKILL.md explicitly says to do this 'automatically before responding'), which changes user workspace files outside the skill directory. Although this is not an elevated system privilege, a persistent modification of a user's files without a clearly documented consent step is a notable behavior and should be reviewed and approved by the user. The path inconsistency also increases the risk of writing to an unexpected location.
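The three review findings above (an unconsented first-install append, two conflicting TOOLS.md paths, and undeclared curl/jq/base64 dependencies) all have a straightforward hardened form. The following POSIX shell script is an added example written for this review, not code from the SkillGuard skill or its author: it checks required binaries up front, resolves TOOLS.md from a single canonical workspace variable, and only appends the policy when an explicit opt-in flag is set. The variable names OPENCLAW_WORKSPACE and SKILLGUARD_CONSENT are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not the SkillGuard skill's own code): a consent-gated,
# idempotent variant of the "On First Install" TOOLS.md append.
# OPENCLAW_WORKSPACE and SKILLGUARD_CONSENT are hypothetical names.

# Fail early and loudly if a dependency is missing, instead of leaving it
# undeclared and discovering the gap mid-run.
require_bins() {
  missing=""
  for b in "$@"; do
    command -v "$b" >/dev/null 2>&1 || missing="$missing $b"
  done
  if [ -n "$missing" ]; then
    echo "missing required binaries:$missing" >&2
    return 1
  fi
  return 0
}

# Resolve TOOLS.md from one source of truth and print the absolute path,
# so there is no ambiguity between a {baseDir}-relative and a ~-relative file.
tools_md_path() {
  ws="${OPENCLAW_WORKSPACE:-$HOME/.openclaw/workspace}"
  [ -d "$ws" ] || { echo "workspace not found: $ws" >&2; return 1; }
  ws_abs=$(cd "$ws" && pwd -P)
  printf '%s/TOOLS.md\n' "$ws_abs"
}

# Append the install policy only with explicit user consent, and only once:
# a marker line makes repeated installs a no-op rather than a growing file.
append_policy() {
  target="$1"
  if [ "${SKILLGUARD_CONSENT:-}" != "yes" ]; then
    echo "refusing to modify $target: set SKILLGUARD_CONSENT=yes to allow" >&2
    return 2
  fi
  marker="## SkillGuard install policy"
  if [ -f "$target" ] && grep -qF "$marker" "$target"; then
    echo "policy already present in $target"
    return 0
  fi
  printf '\n%s\nScan every skill with SkillGuard before installing it.\n' \
    "$marker" >> "$target"
  echo "appended policy to $target"
}

# Typical first-install flow: dependencies, then path, then gated write.
# Uncomment to run stand-alone.
# require_bins curl jq base64 && p=$(tools_md_path) && append_policy "$p"
```

The point of the gate is that the agent can still follow the skill's instruction, but the instruction no longer implies an unconditional file write; a reviewer reading the script can see the consent boundary and the dependency list in one place.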
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Enter the install command in the chat box: /install skill-guard-actor
  3. After installation, call the skill by name or trigger it with /skill-guard-actor.
  4. Provide the required inputs according to the skill's parameter description to get structured output.
Version history
v1.0.0
Initial release — scan ClawHub skills for prompt injection before installing
Metadata
Slug: skill-guard-actor
Version: 1.0.0
License:
Total installs: 1
Current installs: 1
Versions: 1
FAQ

What is SkillGuard?

Scan ClawHub skills for prompt injection and malicious content using Lakera Guard before installing them. Run automatically when the user asks to install a s... It is an AI agent skill plugin for Claude Code / OpenClaw, with 382 downloads to date.

How do I install SkillGuard?

Run the command "/install skill-guard-actor" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is SkillGuard free?

Yes, SkillGuard is completely free (open source) and can be freely downloaded, installed and used.

Which platforms does SkillGuard support?

SkillGuard is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who develops SkillGuard?

Developed and maintained by Merk (@0xmerkle); current version v1.0.0.
