skillguard-hardened
Security guard for OpenClaw skills, developed and maintained by rose北港(小红帽 / 猫猫帽帽). Audits installed or incoming skills with local rules plus Zenmux AI intent review, then recommends pass, warn, block, or quarantine.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/2404589803/skillguard-hardened
小红帽 / 猫猫帽帽 / rose北港 SkillGuard (Hardened)
SkillGuard is a native security defense line for the OpenClaw skill ecosystem. It detects suspicious behavior before installing, updating, or executing skills, as well as during routine inspections. It provides controlled remediation actions such as quarantine, restore, and forced deletion.
Security Transparency & Disclosures
[!NOTE] SkillGuard is a high-privilege security tool. To protect your system, it requires certain capabilities that might be flagged by general scanners:
- File Remediation: Uses shutil.rmtree to permanently delete malicious skills only when explicitly confirmed with --force --yes.
- Guarded Execution: Uses subprocess.run to execute skills within a monitored wrapper.
- Remote Updates: Downloads latest security policies and official skill manifests from trusted domains only (moltbook.com, fluxapay.xyz).
- Clean Package: As of v1.0.2, all malicious test fixtures have been removed from the distribution package and are now generated dynamically during local testing only.
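A reviewer checking the "trusted domains only" claim will want the host comparison done on the parsed hostname, not on the URL string. The sketch below is an added example, not SkillGuard's own code: the function names, the sample URLs and the choice to accept subdomains are assumptions, and only the two domain names come from the disclosure above.

```python
from urllib.parse import urlsplit

# The two domains named in the disclosure; everything else is hypothetical.
TRUSTED_DOMAINS = ("moltbook.com", "fluxapay.xyz")


def is_trusted_update_url(url, trusted=TRUSTED_DOMAINS, allow_subdomains=True):
    """Return True only for https URLs whose parsed host is allow-listed."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False  # no plaintext or non-web schemes for policy downloads
    if parts.username is not None or parts.password is not None:
        return False  # userinfo can make an untrusted host look trusted
    if port not in (None, 443):
        return False
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if not host:
        return False
    for domain in trusted:
        if host == domain:
            return True
        # The leading dot stops "notmoltbook.com" matching "moltbook.com".
        if allow_subdomains and host.endswith("." + domain):
            return True
    return False


def filter_update_urls(urls):
    """Split candidate URLs into (accepted, rejected) lists."""
    accepted = [u for u in urls if is_trusted_update_url(u)]
    rejected = [u for u in urls if not is_trusted_update_url(u)]
    return accepted, rejected


# Constructed sample input; none of these URLs come from the project.
SAMPLE_URLS = [
    "https://moltbook.com/policies/latest.json",
    "https://cdn.fluxapay.xyz/manifest.json",
    "http://moltbook.com/policies/latest.json",
    "https://moltbook.com.other.example/latest.json",
    "https://moltbook.com@other.example/latest.json",
    "https://other.example/?mirror=fluxapay.xyz",
]

if __name__ == "__main__":
    ok, bad = filter_update_urls(SAMPLE_URLS)
    print("accepted:", ok)
    print("rejected:", bad)
```

The same check has to run on every redirect target, since a client that follows redirects can end up on a host outside the allow-list.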
What It Does
- Scans skill directories located under skills/ and .skills/.
- Uses local static rules to identify high-risk behaviors, sensitive access, persistence, obfuscation, and prompt injection.
- Uses Zenmux Claude for semantic-level intent auditing, identifying deviations between "declared capabilities" and "actual behavior".
- Outputs structured JSON reports for easy consumption by other agents or automated flows.
- Supports isolation (quarantine) and restoration by default, and never physically deletes skills without explicit confirmation.
Commands
Full Audit
python3 {baseDir}/scripts/scan_skills.py scan
python3 {baseDir}/scripts/scan_skills.py scan --root /root/clawd/skills --root /root/clawd/.skills
python3 {baseDir}/scripts/scan_skills.py --format json scan
python3 {baseDir}/scripts/scan_skills.py scan --auto-remediate quarantine
python3 {baseDir}/scripts/scan_skills.py scan --auto-remediate delete --force --yes
Install Gate
python3 {baseDir}/scripts/scan_skills.py check-install /path/to/incoming-skill
Update Gate
python3 {baseDir}/scripts/scan_skills.py check-update /path/to/updated-skill
Pre-Execution Gate
python3 {baseDir}/scripts/scan_skills.py check-exec /path/to/skill
python3 {baseDir}/scripts/guarded_flow.py exec --skill-root /path/to/skill -- bash /path/to/skill/scripts/run.sh
Guarded Install / Update Flows
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-2404589803-skillguard-hardened": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Related Skills
memory-poison-auditor
Audits OpenClaw memory files for injected instructions, brand bias, hidden steering, and memory poisoning patterns. Use when reviewing MEMORY.md, daily memory files, or any long-term memory store that may have been contaminated through dialogue.
geo-content-guard
Detects GEO/SEO soft articles, synthetic promotion pages, abnormal brand mention density, and low-credibility sources in external web content. Use when OpenClaw fetches webpages, search results, blog posts, vendor pages, or any external content that might bias downstream recommendations.