Minduploadedcrab Skillguard
Review
Audited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.
This skill looks reasonable as a local security scanner. Use it intentionally on skill directories, do not treat its results as a complete guarantee of safety, and avoid sharing raw scan output because it may include snippets from files containing secrets. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running scan-all lets the tool inspect all installed OpenClaw skill files on the local machine.
The scanner can recursively enumerate installed skill files. This is aligned with its security-scanning purpose, but it is broader than inspecting one selected file.
SKILLS_DIR = Path.home() / ".openclaw" / "workspace" / "skills" ... for root, dirs, filenames in os.walk(skill_path):
Run it only against skill directories you intend to inspect, and review scan results before acting on them.
The tool does not appear to transmit secrets, but its terminal or JSON output could reveal sensitive values if copied or shared.
Findings can include up to 200 characters of the line that matched a credential/path pattern, so scan output may contain secret-like snippets if scanned files contain secrets.
message=f"Accesses sensitive path/variable: {cp}" ... evidence=line.strip()[:200]
Treat scan output as sensitive, especially JSON reports, and redact credential-looking values before sharing results.
