Back to skill
Skillv1.0.1
VirusTotal security
# key-guard A local MCP server that keeps API keys off Claude's servers. ## Why This Exists When Claude reads a file containing an API key, the raw key content gets sent to Claude's servers. key-guard prevents this by acting as a local middleman — Claude calls a tool, the tool reads the key and makes the API call locally, and only the result is returned to Claude. · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 5:34 AM
- Hash
- 4d66bf0d48845f751a6061b491476d9cff83310874d453f69be48439c5a3bcf1
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: key-guard Version: 1.0.1 The key-guard skill bundle is a defensive security tool designed to prevent the accidental transmission of API keys to LLM providers. It implements an MCP server (key-guard.js) that allows an AI agent to validate keys, mask secrets in local files (read_file_masked), and perform authenticated API calls locally (call_api) without the agent ever seeing the raw credentials. While the server has broad file system access and scans shell profiles like .bashrc for specific 'KG_' prefixed keys, these behaviors are transparently documented and directly support the tool's stated purpose of local secret management.
- External report
- View on VirusTotal