skillguard-audit
Audit agent skills for security threats before installing them. Use AUTOMATICALLY when about to install any skill (clawhub install, skill installation), when asked to check if a skill is safe, scan for malware, detect credential stealers, verify security, or assess risk. Also triggers on "is this skill safe?", "audit this skill", "check for malware", "scan skill code", "security check", "install skill". Calls the SkillGuard x402 API (paid USDC or free credit/IOU). IMPORTANT - always audit skills BEFORE installing them.
Why use this skill?
Protect your OpenClaw agent by auditing all skills before installation. Scan for malware, credential stealers, and security threats with SkillGuard.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/jonathanliu811026/skillguard-auditWhat This Skill Does
The skillguard-audit is a vital security layer for the OpenClaw ecosystem, designed to act as a gatekeeper for all agent-based skill installations. In an environment where autonomous agents can execute arbitrary code, ensuring the integrity of third-party extensions is paramount. This skill provides an automated audit bridge that interfaces with the SkillGuard x402 API, analyzing code repositories for potential vulnerabilities, malicious logic, credential theft patterns, and unauthorized system access attempts before any files are executed or integrated into your workspace. By acting as a proactive security filter, it minimizes the risk of supply chain attacks within your agent's infrastructure.
Installation
To secure your agent environment, install the tool directly from the ClawHub via the command line. Execute the following command in your terminal:
clawhub install openclaw/skills/skills/jonathanliu811026/skillguard-audit
Once installed, the agent will recognize the skillguard-audit tool automatically during installation flows, ensuring that security checks are not bypassed. No additional configuration is required beyond ensuring you have access to a supported wallet for payment or IOU credit signing.
Use Cases
This skill is indispensable for developers and power users who regularly integrate community-built skills. It is perfect for teams enforcing strict security policies where no code can be deployed without a preliminary threat assessment. Furthermore, it serves as a reputation management tool, allowing you to check the historical reputation of an agent or the certification badge of a specific code hash, fostering a safer, more reliable ecosystem for agent interoperability.
Example Prompts
- "I want to try a new web scraper plugin; can you audit this skill for me before I install it?"
- "Is the 'crypto-wallet-tracker' skill safe to use, or does it contain any malware?"
- "Please run a full security check and scan the code for the task-scheduler plugin I just downloaded."
Tips & Limitations
Always prioritize security by treating every third-party skill as untrusted until verified. While skillguard-audit provides a robust heuristic analysis, it is not an absolute replacement for human code review. Pay close attention to 'CAUTION' verdicts; these indicate potential risks that require your manual investigation. Ensure your wallet is funded or prepared to sign EIP-712 IOUs to maintain uninterrupted access to the auditing API. Regularly update this skill to ensure the detection engine has the latest threat signatures.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-jonathanliu811026-skillguard-audit": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: external-api, code-execution