skill-guard
Security scanner that audits OpenClaw skills for malicious code, prompt injection, supply chain attacks, data exfiltration, and more
Why use this skill?
Protect your OpenClaw AI agent with Skill Guard. Automatically detect malicious code, prompt injection, and data exfiltration threats in your installed skills.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/benlee2144/benlee-skillguard
What This Skill Does
Skill Guard v2 is an essential security layer for the OpenClaw ecosystem, designed to act as a proactive shield for your agent environment. It functions as an automated security auditor that inspects your installed skills for a wide variety of threats, including malicious code, supply chain vulnerabilities, and unauthorized data exfiltration. By leveraging smart domain analysis and automated heuristic checks, it ensures that your OpenClaw installation remains untainted by rogue scripts or insecure dependencies.
The tool maintains a robust baseline of your local files, allowing it to detect even subtle changes in behavior or unauthorized modifications. It automatically scans for dangerous patterns such as eval/exec calls, shell injection vectors, obfuscated code, and time-bomb logic. Beyond raw code analysis, Skill Guard excels at identifying sensitive file access attempts, such as processes trying to read your SSH keys, browser credential stores, or cryptocurrency wallets. It even provides advanced protection against prompt injection attacks hidden within skill documentation or injected as invisible HTML comments.
Installation
To install Skill Guard, execute the following command in your terminal:
clawhub install openclaw/skills/skills/benlee2144/benlee-skillguard
Once installed, the tool is immediately available at ~/clawd/skills/skill-guard/. Ensure your environment has Python 3 installed to run the scripts located in the /scripts directory.
Use Cases
- Routine Security Audits: Schedule the scan command as a cron job to automatically audit your entire library of skills once a day, ensuring no unauthorized changes have occurred.
- New Skill Verification: Before enabling a newly downloaded third-party skill, use the check command to inspect it for malicious patterns or suspicious network behavior.
- Baseline Monitoring: Use the scan --baseline feature to establish a verified state of your environment, allowing you to instantly catch any file drift or tampering.
- CI/CD Pipelines: Integrate the tool into your local development workflow to ensure all custom-built skills meet security standards before they are deployed into production.
Example Prompts
- "Skill Guard, perform a full system scan of my current skill directory and output the results to a markdown file named security_report.md."
- "Check the integrity of the new web-scraper skill I just installed and confirm if it attempts to access my browser credentials."
- "Run a background watch on my skill directory and alert me if any suspicious file modifications are detected in the next hour."
Tips & Limitations
- Proactive Baseline: Always run scan --baseline immediately after installing a set of trusted skills to prevent false positives during future audits.
- Domain Awareness: While the tool has an allowlist of 80+ domains, you may occasionally see warnings for custom internal APIs. Ensure your specific enterprise domains are handled appropriately.
- Limitations: Note that Skill Guard is a static and behavioral analysis tool; it cannot prevent runtime zero-day exploits that bypass pattern matching. Always exercise caution when installing skills from untrusted sources, even if they pass the scan.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-benlee2144-benlee-skillguard": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags
Flags: file-read, code-execution
Related Skills
doctorbot-ci-validator
Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.
arc-shield
Output sanitization for agent responses - prevents accidental secret leaks
AURA Security Scanner
Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them
sbom-explainer
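Translates a dependency manifest or SBOM into a risk explanation that non-technical readers can follow, sorted by impact surface; use for sbom, dependencies, risk workflows; do not use for forging CVE status or replacing professional vulnerability scanning.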
securityvitals
Security vitals checker for OpenClaw. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.