← 返回 Skills 市场

skillguard-check

Name: skillguard-check
Author: yangyixxxx

作者 Yangyi · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ 安全检测通过

总下载

当前安装

版本数

在 OpenClaw 中安装

/install skillguard-check

功能描述

Audit every locally-installed AI Skill against skill-guard's public security database (skillguard.vip). Use when (1) the user asks 'are my skills safe?' or '...

使用说明 (SKILL.md)

skillguard-check

Audit AI Skills installed on this machine against the public skill-guard security database at https://skillguard.vip. Returns a JSON report listing blocked and high-risk skills along with links to their public audit pages so the user can decide what to uninstall.

When to invoke

Trigger this skill any time the user expresses concern about installed-skill safety, or after the user installs a new skill. Concrete cues:

"are my skills safe?", "check my installed skills", "audit my skills"
"I just installed XYZ from ClawHub, is it ok?"
"any malicious skills on my machine?"
The user mentions a skill name and asks if it's trusted.
Periodic: when no audit has been run this session and the user is doing security-sensitive work (handling secrets, on a new machine, etc.).

How to invoke

Run the bundled script. It needs Python 3 (pre-installed on macOS / most Linux). No network access beyond https://skillguard.vip.

python3 scripts/check.py

The script outputs a single JSON object to stdout. Sample shape:

{
  "total": 12,
  "audited": 9,
  "unauditedCount": 3,
  "blocked": [
    {
      "slug": "openclaw-omni-expert",
      "path": "/Users/x/.claude/skills/openclaw-omni-expert",
      "score": 3,
      "riskLevel": "Critical",
      "findingsCount": 155,
      "auditUrl": "https://skillguard.vip/skills/clawhub/openclaw-omni-expert"
    }
  ],
  "highRisk": [
    {
      "slug": "some-skill",
      "score": 42,
      "riskLevel": "High",
      "auditUrl": "..."
    }
  ],
  "medium": [...],
  "safe": 5,
  "unaudited": [
    {"slug": "my-private-skill", "path": "...", "reason": "not in skill-guard database"}
  ],
  "errors": []
}

How to report back to the user

After parsing the JSON:

If blocked is non-empty — open with ⚠️ \x3CN> blocked skill(s) found on this machine. Then for each entry, give:
- the slug + install path,
- a one-line risk summary (use riskLevel + findingsCount),
- the auditUrl so they can see findings,
- a recommendation to uninstall.
If highRisk is non-empty (and no blocked) — open with Found \x3CN> high-risk skill(s). Same format but softer language: "review the audit page and consider whether you trust the publisher".
If only medium/safe/unaudited — No blocked or high-risk skills detected. Mention the unaudited count so the user knows some skills couldn't be checked (private/local skills that haven't been uploaded to skill-guard's database).
Always end with the auditUrl for each surfaced skill. Don't paraphrase the audit verdict — link to the canonical page so the user reads the real findings, not a summary.

What gets scanned

The script checks these install paths (in order):

Path	Used by
`~/.claude/skills/`	Claude Code
`~/.openclaw/skills/`	OpenClaw
`~/.local/share/claude-skills/`	Linux convention
`~/.skills/`	Generic
`~/Library/Application Support/Claude/skills/`	Claude Desktop on macOS

Each immediate subdirectory is treated as one skill, named by the directory. The script then queries https://skillguard.vip/skills/clawhub/\x3Cslug>.json for the public audit verdict.

Skills that aren't in the public database (private skills, custom builds, unpublished bundles) are reported under unaudited — not flagged, but called out so the user knows they're un-audited.

Limitations

Only checks skills that match a slug in skill-guard's ClawHub-sourced database. Privately-developed skills won't have an audit. Users can run a fresh scan via https://skillguard.vip/ (paste the GitHub URL) or POST /v1/scan/upload with a zip.
Uses the most recent verdict in skill-guard's DB. If a skill was re-published on ClawHub after the last skill-guard scan, the verdict may be stale. The audit page shows lastScannedAt for transparency.
Slug-matching only. Two different skills with the same directory name (e.g. github) collide. The audit URL is the source of truth — if the displayed name doesn't match what the user installed, treat as unaudited.

安全使用建议

This skill appears reasonable for checking installed skills against a public security database. Before installing, decide whether you are comfortable with a local script enumerating your skill directory names and sending those slugs to skillguard.vip; use a pinned or verified install source if installing from GitHub.

功能分析

Type: OpenClaw Skill Name: skillguard-check Version: 1.0.0 The skill is a security auditing tool designed to check locally-installed AI skills against a public database at skillguard.vip. The Python script (scripts/check.py) discovers skill directory names in standard paths (e.g., ~/.claude/skills) and queries their status via HTTPS GET requests. The behavior is transparent, matches the documentation in SKILL.md and README.md, and does not access sensitive files, environment variables, or execute unauthorized commands.

能力评估

ℹ Purpose & Capability

The stated purpose is to audit locally installed AI skills, and the provided code matches that purpose by enumerating skill directories and querying public audit records. The notable privacy impact is that skill slugs are sent to an external service.

ℹ Instruction Scope

Invocation guidance includes user-requested checks, checks after installing new skills, and periodic checks during security-sensitive work. This is purpose-aligned, but it can lead to agent-initiated network lookups without a separate explicit prompt each time.

ℹ Install Mechanism

There is no install spec, and the reviewed bundle includes the script source. The README also documents user-directed git/curl installation from GitHub, which is common but relies on mutable remote source unless users pin or verify it.

ℹ Credentials

The script reads only immediate subdirectory names in common skill install locations and sends those names to the configured audit API. That is proportionate to the skill's purpose, but it still reveals a local skill inventory.

✓ Persistence & Privilege

No persistence, credential access, file writes, destructive actions, or privilege escalation are shown in the provided artifacts.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install skillguard-check
安装完成后，直接呼叫该 Skill 的名称或使用 /skillguard-check 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release: discovers locally-installed skills and audits each against skillguard.vip's public security database. Surfaces blocked + high-risk hits with audit-page links.

元数据

Slug skillguard-check

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题