tommot2

Skill Guard

Author: TommoT2 · GitHub ↗ · v5.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 175
Favorites: 2
Current installs: 0
Versions: 14
Install in OpenClaw
/install tommo-skill-guard
Description
Security scanner for OpenClaw agent skills. Pre-install check via ClawHub page, local pattern scanning via read tool (zero exec), integrity verification. Use...
Security usage advice
This appears coherent and read-only: it will read files under ./skills/ and check the ClawHub skill page before install. Before using it, confirm (1) your agent environment has network/browser access if you want the ClawHub pre-install check to run, (2) you are OK with the scanner reading all files in a skill (it may surface any hardcoded secrets present), and (3) where snapshots/baselines will be stored and whether those stored baselines may contain sensitive info. Remember the tool reports raw pattern matches and can produce false positives; do not rely solely on its score — review findings manually and verify ClawHub's trustworthiness before acting on a remote 'Security Scan' result.
Capability assessment
Purpose & Capability
Name/description match the instructions: it scans skill files under ./skills, performs a ClawHub page check, and optionally saves baselines. No unrelated credentials, binaries, or installs are requested. Note: the pre-install step references using a browser or the 'clawhub' CLI which are not declared as required; these are optional behaviours but may need network/browser support to be useful.
Instruction Scope
Instructions constrain the agent to use the built-in read tool (read-only) and only scan files in ./skills/, and to never auto-baseline. The SKILL.md also tells the agent to navigate to a ClawHub page (external web fetch) and to 'snapshot' it — snapshot storage is not specified. These external web checks are expected for a pre-install check but are outside the local filesystem scope.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk install model. All scanning is done via local reads; nothing is downloaded or executed.
Credentials
No required environment variables, credentials, or config paths are declared or referenced. SKILL.md does not instruct reading unrelated env vars or secrets; scanning may reveal secrets present in skill files (expected behavior).
Persistence & Privilege
always:false and normal model-invocation. The only write behavior is user-initiated baselines saved under memory/skill-guard/, which the SKILL.md documents. The skill does not request system-wide config changes or other skills' settings.
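How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install tommo-skill-guard
  3. Once installation completes, invoke the Skill by name or trigger it with /tommo-skill-guard
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history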
v5.0.0
Removed ALL exec usage. Pattern scanning and integrity checks via read tool only. No Node, no shell, no injection risk. Zero exec guarantee.
v4.0.0
Major security overhaul: pattern scanning via read tool (no exec injection risk), manual baselines only (no auto-baseline), validated skill names, metadata with empty capabilities/configPaths.
v3.0.1
Removed old bash script and self-promo reference file. Clean SKILL.md-only package.
v3.0.0
No bash dependency. Cross-platform via PowerShell exec. Removed self-promotion. Simplified pre-install check and pattern scanning.
v2.3.0
Security audit fixes: declared required binaries (bash, curl, sha256sum, npm) in metadata, documented VirusTotal API key requirement prominently, addressed all undeclared dependency findings from ClawHub scan
v2.2.0
Install command now inline for visibility
v2.1.0
Added standalone install command
v2.0.0
Major update: ClawHub Security Gate with pre-install flag checking via browser automation, alternative skill recommendation engine with TommoT2 capability map, published-skill self-monitoring via cron, four security modes (gate/alternatives/monitoring/local scan)
v1.5.0
Security: removed eval() pattern mention.
v1.4.0
Security: added homepage/provenance.
v1.3.0
Security: replaced npx with clawhub install.
v1.2.0
v1.1 features: self-exclusion (references/ excluded from scan), improved YAML frontmatter parsing, reduced self-scan false positives (835→335pts), added cross-promotion section
v1.1.0
Optimized description with SEO keywords, added cross-promotion with skill-analytics, expanded trigger phrases
v1.0.0
Initial release: static pattern scanning (6 categories), risk scoring, permission footprint, hash baselines, drift detection, VirusTotal integration, domain extraction, JSON output
Metadata
Slug tommo-skill-guard
Version 5.0.0
License MIT-0
Total installs 0
Current installs 0
Versions released 14
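FAQ

What is Skill Guard?

Security scanner for OpenClaw agent skills. Pre-install check via ClawHub page, local pattern scanning via read tool (zero exec), integrity verification. Use... It is an AI agent Skill plugin for Claude Code / OpenClaw, with 175 total downloads to date.

How do I install Skill Guard?

Run the command "/install tommo-skill-guard" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.

Is Skill Guard free?

Yes, Skill Guard is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Skill Guard support?

Skill Guard is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Skill Guard?

It is developed and maintained by TommoT2 (@tommot2); the current version is v5.0.0.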
