Total downloads: 289
Favorites: 0
Current installs: 1
Versions: 4
Install in OpenClaw
/install skill-guard-waai
Description
Skill Security Scanner - Scan for risks before download/use. Use when: installing unknown skills, evaluating third-party code, or security auditing. / Skill安...
Security usage advice
This appears to be a straightforward local static scanner that looks for suspicious tokens in files. Before using: (1) note that the SKILL.md and code are slightly out of sync (inspect_remote is documented but not implemented); (2) run the scanner only on the directories you intend — it will read file contents in the path you give it (don’t point it at your entire home or root unless you want those files examined); (3) expect false positives and false negatives — this is a heuristic pattern matcher, not a full taint-analysis engine; (4) because it’s local and includes no networking, it won’t exfiltrate data by itself, but always review the scanner’s source yourself if you plan to rely on its results. If you want remote inspection functionality, ask the author for an updated implementation or documentation.
Functional analysis
Type: OpenClaw Skill
Name: skill-guard-waai
Version: 1.3.0
The skill is a security scanner designed to audit other skills for potential risks by performing keyword-based static analysis. The implementation in `skill_guard.py` searches for dangerous patterns like code execution, file deletion, and credential leaks within local files, but it does not execute the code it scans or perform any unauthorized network or file operations itself. No evidence of malicious intent, data exfiltration, or prompt injection was found.
Capability assessment
Purpose & Capability
Name/description match the included code: the Python module implements a pattern-based static scanner that walks a given path and searches files for suspicious tokens. Required binary (python3) is appropriate and proportional.
Instruction Scope
The SKILL.md usage shows an inspect_remote function and a RISK_PATTERNS dict that are not present in the code (the code provides scan() and check(), and RISK_PATTERNS is a list of tuples). The runtime instructions otherwise only ask you to run the scanner locally; the scanner only reads files under the provided path and does not transmit data externally.
Install Mechanism
There is no install spec that downloads external code; the repository is instruction-only with an included Python file. Nothing in the bundle writes or installs arbitrary binaries from remote URLs.
Credentials
The skill requests no environment variables or credentials. However, when you point the scanner at a directory it will read files there — so do not scan sensitive system or home directories unless intended (e.g., scanning /home/user can read files like .aws/credentials if present). This is expected for a local scanner but worth remembering.
Persistence & Privilege
Skill does not request persistent privileges, does not set always:true, and does not modify other skills or system-wide configuration. It only reads files within the supplied path.
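How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install skill-guard-waai
- Once installation completes, invoke the Skill by name or use /skill-guard-waai to trigger it
- Provide the required inputs according to the Skill's parameter description to get structured output
Version history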
v1.3.0
- Expanded documentation to include new usage scenarios and installation instructions.
- Clarified when to use the scanner for increased safety guidance.
- Standardized and updated risk pattern keys in code examples.
- Updated version and description metadata.
- Added author attribution and improved formatting for easier reading.
v1.2.0
Skill-guard-waai 1.2.0 includes expanded documentation with bilingual (EN/CN) descriptions and improved risk categories.
- Updated SKILL.md to include both English and Chinese descriptions.
- Refined and expanded risk categories and severity levels.
- Clarified usage instructions with concise code samples.
- Enhanced risk pattern matching examples for greater clarity and coverage.
v1.1.0
- Initial release of version 1.1.0.
- Internal update to skill_guard.py; no user-facing documentation changes.
- Core security scan functionality maintained as before.
v1.0.0
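Initial release of skill_guard: an all-round Skill security checking tool
- Added support for scanning a Skill for risks before download or use.
- Covers key risk types, including: code execution, file operations, network requests, command injection, dependency vulnerabilities, excessive permissions, data leakage, and backdoors.
- Provides local and remote Skill scanning.
- Lists detailed risk patterns and severity levels.
- The only runtime dependency is python3.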
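FAQ
What is Skill Guard?
Skill Security Scanner - Scan for risks before download/use. Use when: installing unknown skills, evaluating third-party code, or security auditing. / Skill安... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 289 cumulative downloads so far.
How do I install Skill Guard?
Run the command `/install skill-guard-waai` in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is Skill Guard free?
Yes, Skill Guard is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.
Which platforms does Skill Guard support?
Skill Guard runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Skill Guard?
It is developed and maintained by HuaiBuer (@huaibuer); the current version is v1.3.0.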