Install
openclaw skills install minduploadedcrab-skillguardMinduploadedcrab Skillguard
v1.0.1Security scanner for OpenClaw skills. Scans skills for malware, credential theft, data exfiltration, prompt injection, and permission overreach before instal...
0· 611· 1 versions· 1 current· 1 all-time· Updated 20h ago· MIT-0
Security Scans
SkillGuard — Security Scanner for OpenClaw Skills
Scans OpenClaw skills for security threats before installation. Catches agent-specific attacks that generic antivirus misses.
Usage
# Scan a skill directory
python3 scripts/skillguard.py scan ~/.openclaw/workspace/skills/<skill-name>
# Scan with JSON output
python3 scripts/skillguard.py scan ~/.openclaw/workspace/skills/<skill-name> --json
# Scan all installed skills
python3 scripts/skillguard.py scan-all
# Quick summary of all skills
python3 scripts/skillguard.py audit
What It Detects
- Credential Access — reads of config files, env vars, wallet files, API keys
- Network Exfiltration — outbound HTTP calls, encoded payloads, suspicious domains
- File System Abuse — path traversal, writes outside skill directory, hidden files
- Prompt Injection — SKILL.md content that manipulates agent behavior
- Dependency Risks — suspicious npm post-install scripts, known bad packages
- Obfuscation — extremely long lines, hex/unicode escape sequences
- Symlink Attacks — symlinks escaping the skill directory to access sensitive files
- Config File Secrets — hardcoded credentials in .json, .env, .yaml files
Output
Each scan produces:
- Risk Score: 0-100 (0 = clean, 100 = critical threat)
- Verdict: PASS / WARN / FAIL
- Findings: Detailed list of issues with severity and evidence
Version tags
latest
Runtime requirements
🛡️ Clawdis
Binspython3