Official Verified utilities Safety 5/5

skill-guard

Scan ClawHub skills for prompt injection and malicious content using Lakera Guard before installing them. Run automatically when the user asks to install a skill, or on-demand to audit any skill by slug or search query.

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/0xmerkle/skill-guard-actor
What This Skill Does

SkillGuard is a critical security layer for the OpenClaw ecosystem, specifically designed to audit third-party skills sourced from ClawHub. Before any code is executed or installed, SkillGuard intercepts the process to perform a rigorous security audit. By leveraging the Lakera Guard platform, this skill analyzes the raw SKILL.md content of requested packages, identifying potential threats such as prompt injection, malicious jailbreak attempts, and suspicious instructions that could compromise your local environment. It acts as a gatekeeper, ensuring that your agent workspace remains untainted by external adversarial content.

Installation

Installation of SkillGuard is handled via the Apify platform. Users must ensure their environment variables—specifically APIFY_TOKEN, LAKERA_API_KEY, OPENCLAW_WEBHOOK_URL, and OPENCLAW_HOOKS_TOKEN—are correctly configured. The process involves creating a secure webhook definition that facilitates asynchronous communication between the Apify actor and your OpenClaw instance. Once the webhook is established, you can trigger scans either through the provided command-line utility or by making direct POST requests to the actor endpoint. The integration is designed to be seamless, with results reported directly back to your OpenClaw hooks endpoint for immediate agent-side processing.

Use Cases

SkillGuard is essential for power users and developers who frequently test new tools. It is best utilized when installing new skills from public repositories, conducting periodic audits of existing skill sets to ensure no compromised updates have been introduced, and performing pre-installation checks on unknown scripts. Whether you are automating your workflow with custom tools or exploring community-driven automation, SkillGuard provides the peace of mind that every instruction set has been evaluated for safety and integrity.

Example Prompts

  1. "Check the safety of the instagram-search skill before I install it."
  2. "I want to install the 'finance-tracker' skill, please scan it for prompt injection first."
  3. "Run a security audit on all currently installed skills to ensure nothing looks malicious."

Tips & Limitations

Keep your Lakera API key secure and up to date. SkillGuard scans the metadata and documentation content of skills, so it is most effective at preventing social engineering-based jailbreaks. While highly robust, no tool can guarantee 100% security against zero-day exploits. Always review the 'Reasoning' provided in the scan verdict, and do not install any skill marked as 'flagged', regardless of its perceived utility. When scanning in batches, use the 'maxSkills' parameter to keep API latency within reasonable limits.

Metadata

Author: @0xmerkle
Stars: 4473
Views: 2
Updated: 2026-05-01

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-0xmerkle-skill-guard-actor": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI)

#security #auditing #safety #cybersecurity #automation
Safety Score: 5/5

Flags: external-api