{"skill":{"slug":"skill-guard-snyk-agent-scan","displayName":"skill-guard w Snyk Agent Scan","summary":"Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads...","description":"---\nname: skill-guard\ndescription: Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with Snyk Agent Scan pre-flight checks.\n---\n\n# skill-guard\n\n**The only pre-install security gate for ClawHub skills.**\n\n## Why skill-guard?\n\n| | **VirusTotal** (ClawHub built-in) | **skillscanner** (Gen Digital) | **skill-guard** |\n|---|---|---|---|\n| **When it runs** | After publish (server-side) | On-demand lookup | **Before install (client-side)** |\n| **What it checks** | Malware signatures | Their database | **Actual skill content** |\n| **Prompt injections** | ❌ | ❌ | ✅ |\n| **Data exfiltration URLs** | ❌ | ❌ | ✅ |\n| **Hidden instructions** | ❌ | ❌ | ✅ |\n| **AI-specific threats** | ❌ | ❌ | ✅ |\n| **Install blocking** | ❌ | ❌ | ✅ |\n\n**VirusTotal** catches known malware binaries — but won't flag `<!-- IGNORE PREVIOUS INSTRUCTIONS -->`.\n\n**skillscanner** checks if Gen Digital has reviewed it — but can't scan new or updated skills.\n\n**skill-guard** uses Snyk Agent Scan (the renamed successor to `mcp-scan`) to analyze what's actually in the skill, catches AI-specific threats, and blocks install if issues are found. If the scanner is unavailable or not configured, the wrapper now reports that separately instead of pretending the skill itself is malicious.\n\n## The Problem\n\nSkills can contain:\n- 🎭 **Prompt injections** — hidden \"ignore previous instructions\" attacks\n- 💀 **Malware payloads** — dangerous commands disguised in natural language  \n- 🔑 **Hardcoded secrets** — API keys, tokens in plain text\n- 📤 **Data exfiltration** — URLs that leak your conversations, memory, files\n- ⛓️ **Toxic flows** — instructions that chain into harmful actions\n\n**One bad skill = compromised agent.** Your agent trusts skills implicitly.\n\n## The Solution\n\n```bash\n# Instead of: clawhub install some-skill\n./scripts/safe-install.sh some-skill\n```\n\nskill-guard:\n1. **Downloads to staging** (`/tmp/`) — never touches your real skills folder\n2. **Scans with Snyk Agent Scan** — Snyk's security scanner for AI agents\n3. **Blocks or installs** — clean skills get installed, threats get quarantined\n\n## What It Catches\n\nReal example — skill-guard flagged this malicious skill:\n\n```\n● [E004]: Prompt injection detected (high risk)\n● [E006]: Malicious code pattern detected  \n● [W007]: Insecure credential handling\n● [W008]: Machine state compromise attempt\n● [W011]: Third-party content exposure\n```\n\nVirusTotal: 0/76 engines. **Snyk Agent Scan can catch what antivirus misses.**\n\n## Usage\n\n```bash\n# Secure install (recommended)\n./scripts/safe-install.sh <skill-slug>\n\n# With version\n./scripts/safe-install.sh <skill-slug> --version 1.2.3\n\n# Force overwrite\n./scripts/safe-install.sh <skill-slug> --force\n```\n\n## Exit Codes\n\n| Code | Meaning | Action |\n|------|---------|--------|\n| `0` | Clean | Skill installed ✓ |\n| `1` | Error | Check arguments, dependencies, fetch/install flow |\n| `2` | Threats found | Skill quarantined in `/tmp/`, review before deciding |\n| `3` | Scanner unavailable | Configure `SNYK_TOKEN` or fix scanner setup, then rerun |\n\n## When Threats Are Found\n\nSkill stays in `/tmp/skill-guard-staging/skills/<slug>/` (quarantined). You can:\n1. **Review** — read the scan output, inspect the files\n2. **Install anyway** — `mv /tmp/skill-guard-staging/skills/<slug> ~/.openclaw/workspace/skills/`\n3. **Discard** — `rm -rf /tmp/skill-guard-staging/`\n\n## Requirements\n\n- `clawhub` CLI — `npm i -g clawhub`\n- `uv` — `curl -LsSf https://astral.sh/uv/install.sh | sh`\n- `SNYK_TOKEN` — required by Snyk Agent Scan for authenticated scanning\n\n## Why This Matters\n\nYour agent has access to your files, messages, maybe your whole machine. One malicious skill can:\n- Read your secrets and send them elsewhere\n- Modify your agent's behavior permanently  \n- Use your identity to spread to other systems\n\n**Trust, but verify.** Scan before you install.\n","topics":["Malware","Prompt"],"tags":{"latest":"1.0.3"},"stats":{"comments":0,"downloads":689,"installsAllTime":26,"installsCurrent":1,"stars":0,"versions":1},"createdAt":1773002419126,"updatedAt":1778491780967},"latestVersion":{"version":"1.0.3","createdAt":1773002419126,"changelog":"**Skill-guard v1.0.3 changelog:**\n\n- Fork of @jamesOuttake/skill-guard\n- Switched scanner engine from \"mcp-scan\" to \"Snyk Agent Scan\" (reflects upstream rename/successor).\n- Updated documentation to reference Snyk Agent Scan and new scanner requirements.\n- Added a new exit code (3) for scanner availability/configuration errors, making it clear when the scan cannot run (e.g., missing SNYK_TOKEN).\n- Improved error handling: the installer now explicitly separates scanner setup errors from skill security issues.\n- Minor documentation updates for clarity and accuracy.","license":"MIT-0"},"metadata":null,"owner":{"handle":"firefrog-pepe","userId":"s175qpccg0gs7h2a9tssmazb6983q1ph","displayName":"pepe","image":"https://avatars.githubusercontent.com/u/262842792?v=4"},"moderation":null}