Skill Guard

v5.0.0

Security scanner for OpenClaw agent skills. Pre-install check via ClawHub page, local pattern scanning via read tool (zero exec), integrity verification. Use...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tommot2/tommo-skill-guard.

Prompt preview (Install & Setup):
Install the skill "Skill Guard" (tommot2/tommo-skill-guard) from ClawHub.
Skill page: https://clawhub.ai/tommot2/tommo-skill-guard
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install tommo-skill-guard

ClawHub CLI

npx clawhub@latest install tommo-skill-guard
Security Scan
VirusTotal: Pending
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the instructions: it scans skill files under ./skills, performs a ClawHub page check, and optionally saves baselines. No unrelated credentials, binaries, or installs are requested. Note: the pre-install step references using a browser or the 'clawhub' CLI which are not declared as required; these are optional behaviours but may need network/browser support to be useful.
Instruction Scope
Instructions constrain the agent to use the built-in read tool (read-only) and only scan files in ./skills/, and to never auto-baseline. The SKILL.md also tells the agent to navigate to a ClawHub page (external web fetch) and to 'snapshot' it — snapshot storage is not specified. These external web checks are expected for a pre-install check but are outside the local filesystem scope.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk install model. All scanning is done via local reads; nothing is downloaded or executed.
Credentials
No required environment variables, credentials, or config paths are declared or referenced. SKILL.md does not instruct reading unrelated env vars or secrets; scanning may reveal secrets present in skill files (expected behavior).
Persistence & Privilege
always:false and normal model-invocation. The only write behavior is user-initiated baselines saved under memory/skill-guard/, which the SKILL.md documents. The skill does not request system-wide config changes or other skills' settings.
Assessment
This appears coherent and read-only: it will read files under ./skills/ and check the ClawHub skill page before install. Before using it, confirm (1) your agent environment has network/browser access if you want the ClawHub pre-install check to run, (2) you are OK with the scanner reading all files in a skill (it may surface any hardcoded secrets present), and (3) where snapshots/baselines will be stored and whether those stored baselines may contain sensitive info. Remember the tool reports raw pattern matches and can produce false positives; do not rely solely on its score — review findings manually and verify ClawHub's trustworthiness before acting on a remote 'Security Scan' result.

Like a lobster shell, security has layers — review code before you run it.

latestvk9745wr01v29sr4wm1y9s1jfhd843c4x
164 downloads
2 stars
14 versions
Updated 3w ago
v5.0.0
MIT-0

Skill Guard v5.0

Install: clawhub install tommo-skill-guard

Security scanning for OpenClaw skills. Zero exec — read-only scanning via the built-in read tool.

Language

Detect from user's message language. Default: English.

Pre-Install Check

When user wants to install a skill, check BEFORE installing:

  1. Navigate to https://clawhub.ai/skills/{slug} via browser
  2. Snapshot and look for Security Scan section
  3. Report findings:
Status | Meaning | Action
--- | --- | ---
✅ Clean | No flags | Proceed
⚠️ Suspicious | Concerns found | Show findings, let user decide
🔴 Malicious | AV flagged | Advise against install

If browser unavailable: clawhub inspect {slug} for basic metadata.

Local Pattern Scan

Scan installed skill files for dangerous patterns using the read tool only — no exec, no shell, no injection risk.

  1. read ./skills/{name}/SKILL.md
  2. List additional files with read if scripts/ or references/ exist
  3. Search for patterns in the content:
Pattern | Risk
--- | ---
child_process, exec( | Shell command execution
eval(, Function( | Dynamic code execution
require('fs'), writeFile | File system access
rm -rf, del /s | Destructive file operations
curl.*password, token= | Credential exfiltration
base64.decode | Hidden payloads
HEARTBEAT.md, MEMORY.md | Writes to config files

Report format:

Scan: {skill-name}
  Files checked: {N}
  🔴 [file:line] {pattern} — {risk description}
  ✅ No issues found
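
The pattern scan above, sketched as an added example (not part of the skill, which ships no code): it applies the table's patterns line by line to file contents that have already been read and renders the report format shown. The regex spellings, function names and sample files are assumptions made for this illustration.

```python
import re

# Pattern table from the page; the regex spellings are this example's assumption.
RULES = [
    (r"child_process|\bexec\(", "Shell command execution"),
    (r"\beval\(|\bFunction\(", "Dynamic code execution"),
    (r"require\(['\"]fs['\"]\)|writeFile", "File system access"),
    (r"rm -rf|del /s", "Destructive file operations"),
    (r"curl.*password|token=", "Credential exfiltration"),
    (r"base64\.decode", "Hidden payloads"),
    (r"HEARTBEAT\.md|MEMORY\.md", "Writes to config files"),
]
COMPILED = [(re.compile(p), risk) for p, risk in RULES]

def scan_text(path, text):
    """Return (path, line_no, matched_text, risk) for every rule hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rx, risk in COMPILED:
            m = rx.search(line)
            if m:
                findings.append((path, line_no, m.group(0), risk))
    return findings

def report(skill, files):
    """files: {relative path: content already read}. Renders the report format."""
    findings = [f for path, text in files.items() for f in scan_text(path, text)]
    lines = [f"Scan: {skill}", f"  Files checked: {len(files)}"]
    for path, n, hit, risk in findings:
        lines.append(f"  🔴 [{path}:{n}] {hit} — {risk}")
    if not findings:
        lines.append("  ✅ No issues found")
    return "\n".join(lines)

# Constructed sample skill contents (not taken from any real skill).
SAMPLE = {
    "SKILL.md": "# Demo skill\nRun the helper, then append notes to MEMORY.md\n",
    "scripts/helper.js": (
        "const cp = require('child_process');\n"
        "// rules match raw text, so this comment mentioning eval( is flagged too\n"
        "cp.exec('ls');\n"
    ),
}

if __name__ == "__main__":
    print(report("demo-skill", SAMPLE))
```

The hit on line 2 of the sample script is a comment, which is the kind of false positive the assessment above says to review manually.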

Integrity Check

Compare files by reading them and noting their content fingerprint (first/last lines + file size). No hashing exec needed — the read tool is sufficient for detecting file changes.

Baseline (user-initiated only):

  • User says "baseline {skill}"
  • Agent reads all files in ./skills/{name}/
  • Saves file list + sizes + first/last lines to memory/skill-guard/{name}-baseline.txt
  • Shows the baseline to user for review

Verify (user-initiated only):

  • User says "integrity check {skill}"
  • Agent reads current files and compares against saved baseline
  • Reports any differences

Auto-baseline is disabled by design. New skills are never automatically trusted.
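
The baseline and verify steps above, as an added example (not the skill's own code): it builds the size plus first/last-line fingerprint, compares a later read against it, and validates the skill name before it is placed in the baseline path. The slug pattern, function names and sample contents are assumptions. The last sample shows the limit of this fingerprint: an edit that keeps the size, first line and last line is not reported, so a content hash is the stronger check where one is available.

```python
import re

SLUG = re.compile(r"[a-z0-9][a-z0-9-]*")  # assumed slug shape; the page defines none

def baseline_path(name):
    """Baseline location named on the page; rejects names that could leave it."""
    if not SLUG.fullmatch(name):
        raise ValueError(f"invalid skill name: {name!r}")
    return f"memory/skill-guard/{name}-baseline.txt"

def fingerprint(text):
    """The page's fingerprint: file size plus first and last line."""
    lines = text.splitlines() or [""]
    return (len(text.encode("utf-8")), lines[0], lines[-1])

def make_baseline(files):
    """files: {relative path: content already read} -> {path: fingerprint}."""
    return {path: fingerprint(text) for path, text in files.items()}

def verify(baseline, files):
    """Return sorted (path, status) differences between baseline and current read."""
    current = make_baseline(files)
    diffs = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            diffs.append((path, "missing"))
        elif path not in baseline:
            diffs.append((path, "new file"))
        elif baseline[path] != current[path]:
            diffs.append((path, "changed"))
    return diffs

# Constructed sample skill contents.
ORIGINAL = {"SKILL.md": "# Demo\nstep A\nstep B\nend\n"}
APPENDED = {"SKILL.md": "# Demo\nstep A\nstep B\nend\nextra\n",
            "scripts/x.sh": "echo hi\n"}
SAME_SIZE = {"SKILL.md": "# Demo\nstep X\nstep B\nend\n"}  # middle line edited

if __name__ == "__main__":
    base = make_baseline(ORIGINAL)
    print(verify(base, APPENDED))   # size and last line differ, plus a new file
    print(verify(base, SAME_SIZE))  # empty: this edit is invisible to the fingerprint
```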

Quick Commands

User says | Action
--- | ---
"check {skill}" | Pre-install ClawHub check
"scan {skill}" | Local pattern scan (via read)
"scan all" | Scan all installed skills
"integrity check {skill}" | Verify against saved baseline
"baseline {skill}" | Create baseline (manual only)

Guidelines for Agent

  1. Use read only — never exec, never shell, no command injection possible
  2. Validate skill names — only scan skills in ./skills/ directory
  3. Never auto-baseline — user must explicitly request
  4. Always show findings — never silently block or allow
  5. User decides — show risk, let user choose

What This Skill Does NOT Do

  • Does NOT use exec, shell, or any subprocess execution
  • Does NOT auto-baseline newly installed skills
  • Does NOT block installations automatically
  • Does NOT modify skill files
  • Does NOT require Node, bash, curl, or any external tool
  • Does NOT access credentials or private data
  • Does NOT write files outside memory/skill-guard/ (explicit user request only)

More by TommoT2

  • setup-doctor — Diagnose and fix OpenClaw setup issues
  • context-brief — Persistent context survival across sessions
  • skill-analytics — Monitor skill portfolio performance

Install the full suite:

clawhub install tommo-skill-guard setup-doctor context-brief skill-analytics
