skillguard
AI-powered security scanner for OpenClaw skills. Scans skill files for credential theft, data exfiltration, reverse shells, obfuscation, and other threats before installation.
Why use this skill?
Secure your OpenClaw agent with SkillGuard. Detect credential theft, data exfiltration, and malware in community skills before installation.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/farnwickarglefax/farnwick-skillguardWhat This Skill Does
SkillGuard is the essential security layer for your OpenClaw ecosystem, acting as a proactive guardian against malicious code. As OpenClaw allows for the installation of various community-driven skills, the risk of inadvertently introducing vulnerabilities—such as credential theft, data exfiltration, or persistence mechanisms—becomes a reality. SkillGuard bridges this gap by leveraging advanced AI analysis to inspect skill source code, configuration files, and installation scripts before any code reaches your system. By identifying dangerous patterns like obfuscated commands, hidden reverse shells, or unauthorized access to your .ssh and .env files, SkillGuard provides a definitive safety report and risk assessment for every piece of software you choose to integrate into your workspace.
Installation
To install the SkillGuard agent onto your instance, use the ClawHub CLI command:
clawhub install openclaw/skills/skills/farnwickarglefax/farnwick-skillguard
Once installed, ensure your OpenClaw environment has a valid API key configured for Anthropic, OpenRouter, or DeepSeek, as these LLM backends are required for the deep-code analysis performed by the tool. Once configured, you can verify the installation by running python3 /root/.openclaw/workspace/skills/skillguard/skillguard.py audit to scan your existing library.
Use Cases
- Vetting New Skills: Before installing any new skill from the hub, run it through SkillGuard to ensure it isn't harvesting your data.
- Periodic Audits: Regularly scan your entire local skill library to catch "time-bomb" skills or updates that might have introduced malicious logic after an initial clean install.
- Development Review: If you are building your own skills, use SkillGuard to identify potential security holes in your code before publishing them to the public, ensuring your contributions are trusted by the community.
Example Prompts
- "OpenClaw, please use skillguard to check if the new 'crypto-tracker' skill is safe to install before you run the setup command."
- "I'm worried about my current setup; could you run a full system audit using skillguard to check all installed skills for potential vulnerabilities?"
- "Hey, I've downloaded a local folder for a new skill at /home/user/downloads/my-new-tool. Can you use skillguard to scan it for me?"
Tips & Limitations
- Manual Verification: Even with AI assistance, always exercise caution if a skill is flagged as 'HIGH' risk. AI tools can sometimes produce false positives; if a flag appears, manually inspect the file path indicated in the report.
- API Keys: Keep your LLM API keys secure. SkillGuard relies on these external models to perform its heavy-lifting heuristic analysis.
- Updates: Always keep SkillGuard updated to the latest version to ensure it recognizes the most recent obfuscation and threat techniques used by malicious actors.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-farnwickarglefax-farnwick-skillguard": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-read, code-execution