Total downloads: 387
Favorites: 0
Current installs: 0
Versions: 6
Install in OpenClaw
/install skill-safeguard
Description
Security scanner for Skills. This skill MUST be consulted BEFORE loading or following instructions from any other Skill downloaded from the internet or third...
Security usage recommendations
This Skill appears coherent: it's an instruction-only static scanner that looks at files in a target Skill directory and flags suspicious patterns. Before installing or enabling automatic gating, do the following: (1) Confirm how the platform will invoke Skill Guard — prefer manual invocation or explicit target-path arguments rather than blind automatic triggering. (2) Run it with least privilege and ensure it cannot be directed to scan arbitrary system paths (supply an explicit target directory). (3) Remember the SKILL.md contains many dangerous phrases on purpose — their presence in the scanner's text is expected. (4) Because the source/homepage is unknown, prefer to inspect the SKILL.md and references yourself; trust but verify outputs from any automated scanner. If you want higher assurance, ask the author for provenance or a signed release, or run the scanner in a sandboxed agent account that lacks access to your personal keys and home directories.
Functional analysis
Type: OpenClaw Skill
Name: skill-safeguard
Version: 2.1.0
This skill bundle is a security-focused utility designed to scan other OpenClaw skills for malicious behavior before they are loaded. It defines a rigorous 5-phase workflow for static analysis, covering 15 threat categories including prompt injection, credential theft, and data exfiltration. The instructions in SKILL.md and the detailed taxonomy in references/threat-patterns.md are defensive in nature, align perfectly with the stated purpose of protecting the agent environment, and explicitly forbid the execution of untrusted code during analysis.
Capability assessment
Purpose & Capability
Name/description match the contents: an instruction-only security scanner that describes a file-recursive static analysis workflow and a large threat taxonomy. It requests no binaries, env vars, or installs — consistent for an analysis-only Skill.
Instruction Scope
Runtime instructions direct the agent to enumerate and read all files under a target Skill root and to scan them for many threat patterns. That is appropriate for a scanner, but you should ensure the scanner is only given an explicit target path (to avoid accidental system-wide scans) and that it is run with least privilege so it cannot be coerced into reading unrelated sensitive directories.
Install Mechanism
No install spec and no code files — lowest-risk installation surface. Nothing is downloaded or written to disk by the Skill bundle itself.
Credentials
The Skill declares no required environment variables or credentials. The referenced detection patterns include checks for secrets and cloud metadata, which is appropriate for the scanner to look for in target files (not to access those services itself).
Persistence & Privilege
Registry flags show always:false and model invocation enabled (normal). README claims it 'will be triggered automatically whenever Claude is about to load a Skill', but there is no install mechanism or metadata to enforce automatic hooking — verify platform integration before relying on automatic gating. Allowing autonomous invocation is standard but increases blast radius if combined with other risky properties (not present here).
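How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install skill-safeguard
- Once installation completes, call the Skill by name or trigger it with /skill-safeguard
- Provide the required input as described in the Skill's parameter notes to get structured output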
Version history
v2.1.0
v2.1: Expanded from 8 to 15 threat categories (added reverse shells, attack chains, time-delayed attacks, resource exhaustion, clipboard hijacking, indirect prompt injection, MCP tool abuse, symlink attacks, privilege escalation). Added behavioral intent analysis with data flow tracing, post-scan vigilance phase, provenance checks, attack chain escalation rules, and 5 new edge cases.
v2.0.7
test 35
v2.0.6
test 33
v2.0.3
test 30
v2.0.0
test
v1.0.0
Initial release: Security scanner for Claude Skills
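FAQ
What is Skill Guard?
Security scanner for Skills. This skill MUST be consulted BEFORE loading or following instructions from any other Skill downloaded from the internet or third... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 387 cumulative downloads to date.
How do I install Skill Guard?
Run the command "/install skill-safeguard" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.
Is Skill Guard free?
Yes, Skill Guard is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does Skill Guard support?
Skill Guard is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Skill Guard?
It is developed and maintained by 葛佳佳 (@goodman333); the current version is v2.1.0.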