Agent Guard

Malicious

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: agent-guard
Version: 1.0.1

The 'agent-guard' skill is a defensive security utility designed to detect prompt and command injection patterns in real-time. It utilizes a Python-based regex engine (agent_guard.py) to scan untrusted input from sources like GitHub issues, web fetches, and group chats. The implementation includes robust features such as Unicode normalization, homoglyph mapping, base64 payload decoding, and ReDoS protection via regex timeouts. No evidence of malicious intent, data exfiltration, or unauthorized execution was found; the skill's instructions (SKILL.md) and code logic are strictly aligned with its stated purpose of protecting the AI agent from external exploits.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern
Medium Confidence
ASI02: Tool Misuse and Exploitation
What this means

A malicious message could potentially trigger local command execution through the scanning command itself if the agent follows the example by interpolating untrusted text into a shell.

Why it was flagged

These commands are meant to process untrusted messages and GitHub issue text. If an agent substitutes raw content into these double-quoted shell snippets, shell syntax such as command substitution or broken quoting could execute before AgentGuard scans the content.

Skill content
Run `python3 scripts/agent_guard.py analyze --stdin --json <<< "MESSAGE_CONTENT"` ... `python3 scripts/agent_guard.py github-issue --json --title "TITLE" --body "BODY"`
Recommendation

Invoke the scanner without shell interpolation: pass content through a safe stdin API, an argument array, a temporary file, or a properly quoted heredoc, and avoid embedding untrusted text directly in a shell command.

What this means

The skill may fail at runtime or behave inconsistently on systems without the expected local interpreters.

Why it was flagged

The skill's instructions and wrapper script rely on `python3`/bash to run `scripts/agent_guard.py`, but the registry metadata does not declare those runtime binaries. This is purpose-aligned but may prevent preflight checks from catching missing dependencies.

Skill content
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Recommendation

Declare the required local runtime binaries, especially python3 and any shell wrapper requirement, in the skill metadata.