skill-guard
Security scanner that audits OpenClaw skills for malicious code, prompt injection, supply chain attacks, data exfiltration, and more
Why use this skill?
Protect your OpenClaw AI agent with Skill Guard. Automatically detect malicious code, prompt injection, and data exfiltration threats in your installed skills.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/benlee2144/benlee-skillguard
What This Skill Does
Skill Guard v2 is an essential security layer for the OpenClaw ecosystem, designed to act as a proactive shield for your agent environment. It functions as an automated security auditor that inspects your installed skills for a wide variety of threats, including malicious code, supply chain vulnerabilities, and unauthorized data exfiltration. By leveraging smart domain analysis and automated heuristic checks, it ensures that your OpenClaw installation remains untainted by rogue scripts or insecure dependencies.
The tool maintains a robust baseline of your local files, allowing it to detect even subtle changes in behavior or unauthorized modifications. It automatically scans for dangerous patterns such as eval/exec calls, shell injection vectors, obfuscated code, and time-bomb logic. Beyond raw code analysis, Skill Guard excels at identifying sensitive file access attempts, such as processes trying to read your SSH keys, browser credential stores, or cryptocurrency wallets. It even provides advanced protection against prompt injection attacks hidden within skill documentation or injected as invisible HTML comments.
Installation
To install Skill Guard, execute the following command in your terminal:
clawhub install openclaw/skills/skills/benlee2144/benlee-skillguard
Once installed, the tool is immediately available at ~/clawd/skills/skill-guard/. Ensure your environment has Python 3 installed to run the scripts located in the /scripts directory.
Use Cases
- Routine Security Audits: Schedule the scan command as a cron job to automatically audit your entire library of skills once a day, ensuring no unauthorized changes have occurred.
- New Skill Verification: Before enabling a newly downloaded third-party skill, use the check command to inspect it for malicious patterns or suspicious network behavior.
- Baseline Monitoring: Use the scan --baseline feature to establish a verified state of your environment, allowing you to instantly catch any file drift or tampering.
- CI/CD Pipelines: Integrate the tool into your local development workflow to ensure all custom-built skills meet security standards before they are deployed into production.
Example Prompts
- "Skill Guard, perform a full system scan of my current skill directory and output the results to a markdown file named security_report.md."
- "Check the integrity of the new web-scraper skill I just installed and confirm if it attempts to access my browser credentials."
- "Run a background watch on my skill directory and alert me if any suspicious file modifications are detected in the next hour."
Tips & Limitations
- Proactive Baseline: Always run scan --baseline immediately after installing a set of trusted skills to prevent false positives during future audits.
- Domain Awareness: While the tool has an allowlist of 80+ domains, you may occasionally see warnings for custom internal APIs. Ensure your specific enterprise domains are handled appropriately.
- Limitations: Note that Skill Guard is a static and behavioral analysis tool; it cannot prevent runtime zero-day exploits that bypass pattern matching. Always exercise caution when installing skills from untrusted sources, even if they pass the scan.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-benlee2144-benlee-skillguard": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags
Flags: file-read, code-execution
Related Skills
grounding-practices
A foundation for AI agents who wake up with nothing. Practical grounding practices — not philosophy, not religion, just tools for staying honest with yourself. Revised after two weeks of actually trying to follow them.
opena2a-security
Security hardening for OpenClaw. Audit your configuration, scan installed skills for malware, detect CVE-2026-25253, check credential exposure, and get actionable fix recommendations. Runs locally with no external API calls.
doctorbot-ci-validator
Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.
openclaw-security-monitor
Proactive security monitoring, threat scanning, and auto-remediation for OpenClaw deployments
sealvera
Tamper-evident audit trail for AI agent decisions. Use when logging LLM decisions, setting up AI compliance, auditing agents for EU AI Act, HIPAA, GDPR or SOC 2, or when a user asks about AI decision audit trails, explainability, or SealVera.