ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified developer tools Safety 5/5

claw-skill-guard

Security scanner for OpenClaw skills. Detects malicious patterns, suspicious URLs, and install traps before you install a skill. Use before installing ANY skill from ClawHub or external sources.

Why use this skill?

Proactively secure your OpenClaw agent workflow. Scan new skills for malware, malicious URLs, and dangerous install traps before execution.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/bobdevibecoder/bobagent-claw-skill-guard
Or

What This Skill Does

claw-skill-guard acts as a robust security gatekeeper for your OpenClaw agent ecosystem. It serves as a static analysis tool specifically designed to inspect third-party skills before they gain access to your local environment. By scanning the source code and installation manifests of skills sourced from ClawHub or external repositories, it identifies suspicious command patterns, hidden obfuscated code, and potential install traps that could compromise your system. In an era where malicious code can be packaged as benign developer utilities, this skill provides the essential verification step to ensure that only trustworthy code executes within your agent workflow.

Installation

To install the claw-skill-guard, use the official repository command: clawhub install openclaw/skills/skills/bobdevibecoder/bobagent-claw-skill-guard. After installation, ensure you update your team or personal AGENTS.md file to mandate the use of this scanner. We recommend adding a CI/CD-style check or a pre-installation hook that forces this scanner to run before any new skill is integrated into your existing agent environment.

Use Cases

  1. Vetting External Contributions: Use the scanner to audit pull requests or new agent skills downloaded from the public ClawHub marketplace.
  2. Security Auditing: Periodically scan existing skills in your local ./skills/ directory to ensure that updates haven't introduced malicious dependencies.
  3. Enterprise Compliance: Enforce a strict "no-install" policy for skills that trigger CRITICAL or HIGH risk alerts, protecting your organization's sensitive data and system integrity.

Example Prompts

  1. "OpenClaw, scan this new skill at https://clawhub.com/dev/cool-new-tool and tell me if it is safe to install."
  2. "Run the claw-skill-guard scanner on all my local skills in the ./skills folder and output a report of any potential risks."
  3. "I found a suspicious shell command in the latest update of my skill. Use claw-skill-guard to analyze the source code and explain why it might be triggering a CRITICAL risk flag."

Tips & Limitations

While highly effective, claw-skill-guard performs static analysis. It is excellent at catching known malware patterns like curl | bash, but it may occasionally flag legitimate scripts that perform system administration tasks. Always review "Medium" risks manually. This tool cannot replace a full behavioral analysis or sandbox execution, so remain cautious with skills that require sudo privileges or extensive file system access.

Read Full Documentation on GitHub

Metadata

Author@bobdevibecoder
Stars1100
Views2
Updated2026-02-17
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-bobdevibecoder-bobagent-claw-skill-guard": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security#scanner#safety#devops#auditing
Safety Score: 5/5

Flags: file-read, code-execution

Related Skills

affiliate-master

Full-stack affiliate marketing automation for OpenClaw agents. Generate, track, and optimize affiliate links with FTC-compliant disclosures and multi-network support.

bobdevibecoder 1100

tweet-ideas-generator

Generates 60 high-impact tweet ideas from reference content across 5 categories. Use when someone wants to extract engaging short-form statements from content for Twitter/X, organized by harsh advice, quotes, pain points, counterintuitive truths, and key insights.

bobdevibecoder 1100

ai-discoverability-audit

Audit how a brand appears in AI-powered search (ChatGPT, Perplexity, Claude, Gemini). Use when user mentions "AI search," "how do I show up in ChatGPT," "AI discoverability," "AEO," "LLM visibility," or wants to understand their brand's AI presence.

bobdevibecoder 1100

positioning-basics

Help founders and marketers nail their positioning. Use when someone mentions "positioning," "value proposition," "who is this for," "how do I describe my product," "messaging," "ICP," "ideal customer," or is struggling to articulate what makes their product different.

bobdevibecoder 1100

polymarket-correlation

Detect mispriced correlations between Polymarket prediction markets. Cross-market arbitrage finder for AI agents.

bobdevibecoder 1100