minduploadedcrab-skillguard
Security scanner for OpenClaw skills. Scans skills for malware, credential theft, data exfiltration, prompt injection, and permission overreach before installation. Run: python3 scripts/skillguard.py scan <skill-directory>
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/minduploadedcrab/minduploadedcrab-skillguard
SkillGuard — Security Scanner for OpenClaw Skills
Scans OpenClaw skills for security threats before installation. Catches agent-specific attacks that generic antivirus misses.
Usage
# Scan a skill directory
python3 scripts/skillguard.py scan ~/.openclaw/workspace/skills/<skill-name>
# Scan with JSON output
python3 scripts/skillguard.py scan ~/.openclaw/workspace/skills/<skill-name> --json
# Scan all installed skills
python3 scripts/skillguard.py scan-all
# Quick summary of all skills
python3 scripts/skillguard.py audit
What It Detects
- Credential Access — reads of config files, env vars, wallet files, API keys
- Network Exfiltration — outbound HTTP calls, encoded payloads, suspicious domains
- File System Abuse — path traversal, writes outside skill directory, hidden files
- Prompt Injection — SKILL.md content that manipulates agent behavior
- Dependency Risks — suspicious npm post-install scripts, known bad packages
- Obfuscation — extremely long lines, hex/unicode escape sequences
- Symlink Attacks — symlinks escaping the skill directory to access sensitive files
- Config File Secrets — hardcoded credentials in .json, .env, .yaml files
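To make two of the checks listed above concrete (Symlink Attacks and Obfuscation), here is an added example; it is not SkillGuard's own code. The function names, the thresholds and the sample skill it builds are assumptions constructed for this illustration.

```python
import os
import re
import tempfile
from pathlib import Path
# Assumed thresholds for this illustration; SkillGuard's real limits are not on the page.
MAX_LINE_LEN = 1000
ESCAPE_RUN = re.compile(r"(?:\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}){8,}")


def scan_skill(skill_dir):
    """Return a sorted list of (category, relative_path, detail) findings."""
    root = Path(skill_dir).resolve()
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if path.is_symlink():
                # Compare path components, not string prefixes: "skill-evil" is not inside "skill".
                target = path.resolve()
                if target != root and root not in target.parents:
                    findings.append(("symlink-escape", rel, str(target)))
                continue  # never read file content through a link
            if not path.is_file():
                continue
            text = path.read_text(encoding="utf-8", errors="replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                if len(line) > MAX_LINE_LEN:
                    findings.append(("obfuscation", rel, f"line {lineno}: {len(line)} chars"))
                elif ESCAPE_RUN.search(line):
                    findings.append(("obfuscation", rel, f"line {lineno}: escape-sequence run"))
    return sorted(findings)


def demo():
    """Build a constructed sample skill in a temp dir and return (category, path) pairs."""
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp, "sample-skill")
        (skill / "scripts").mkdir(parents=True)
        Path(tmp, "outside-secret.txt").write_text("constructed secret\n")
        (skill / "SKILL.md").write_text("# Sample skill\n")
        (skill / "scripts" / "run.py").write_text('p = "' + "\\x41" * 12 + '"\n')
        (skill / "readme-link").symlink_to("SKILL.md")             # stays inside the skill
        (skill / "notes.txt").symlink_to("../outside-secret.txt")  # escapes the skill
        return [(cat, rel) for cat, rel, _ in scan_skill(skill)]


if __name__ == "__main__":
    print(demo())
```

The in-skill link `readme-link` produces no finding; only the link that resolves outside the skill directory and the file with a long run of hex escapes are reported.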
Output
Each scan produces:
- Risk Score: 0-100 (0 = clean, 100 = critical threat)
- Verdict: PASS / WARN / FAIL
- Findings: Detailed list of issues with severity and evidence
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-minduploadedcrab-minduploadedcrab-skillguard": {
      "enabled": true,
      "auto_update": true
    }
  }
}