ClawHub

Skill Guard

v5.0.0

Security scanner for OpenClaw agent skills. Pre-install check via ClawHub page, local pattern scanning via read tool (zero exec), integrity verification. Use...

1· 105·0 current·0 all-time
by@tommot2
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: it scans skill files under ./skills, performs a ClawHub page check, and optionally saves baselines. No unrelated credentials, binaries, or installs are requested. Note: the pre-install step references using a browser or the 'clawhub' CLI which are not declared as required; these are optional behaviours but may need network/browser support to be useful.
Instruction Scope
Instructions constrain the agent to use the built-in read tool (read-only) and only scan files in ./skills/, and to never auto-baseline. The SKILL.md also tells the agent to navigate to a ClawHub page (external web fetch) and to 'snapshot' it — snapshot storage is not specified. These external web checks are expected for a pre-install check but are outside the local filesystem scope.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk install model. All scanning is done via local reads; nothing is downloaded or executed.
Credentials
No required environment variables, credentials, or config paths are declared or referenced. SKILL.md does not instruct reading unrelated env vars or secrets; scanning may reveal secrets present in skill files (expected behavior).
Persistence & Privilege
always:false and normal model-invocation. The only write behavior is user-initiated baselines saved under memory/skill-guard/, which the SKILL.md documents. The skill does not request system-wide config changes or other skills' settings.
Assessment
This appears coherent and read-only: it will read files under ./skills/ and check the ClawHub skill page before install. Before using it, confirm (1) your agent environment has network/browser access if you want the ClawHub pre-install check to run, (2) you are OK with the scanner reading all files in a skill (it may surface any hardcoded secrets present), and (3) where snapshots/baselines will be stored and whether those stored baselines may contain sensitive info. Remember the tool reports raw pattern matches and can produce false positives; do not rely solely on its score — review findings manually and verify ClawHub's trustworthiness before acting on a remote 'Security Scan' result.

Like a lobster shell, security has layers — review code before you run it.

auditvk9784yvvb2xb1fbtwj9cy19am983vz7sguardvk9784yvvb2xb1fbtwj9cy19am983vz7slatestvk9745wr01v29sr4wm1y9s1jfhd843c4xmalwarevk97axz3nj6whp3a3h7dhd0vdbd83t3gnpatternsvk9784yvvb2xb1fbtwj9cy19am983vz7spermissionsvk97axz3nj6whp3a3h7dhd0vdbd83t3gnreviewvk9784yvvb2xb1fbtwj9cy19am983vz7sriskvk97axz3nj6whp3a3h7dhd0vdbd83t3gnsafetyvk9784yvvb2xb1fbtwj9cy19am983vz7sscannervk9784yvvb2xb1fbtwj9cy19am983vz7ssecretsvk97axz3nj6whp3a3h7dhd0vdbd83t3gnsecurityvk9784yvvb2xb1fbtwj9cy19am983vz7sskillsvk9784yvvb2xb1fbtwj9cy19am983vz7svirustotalvk97axz3nj6whp3a3h7dhd0vdbd83t3gn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments