Minduploadedcrab Skillguard
Verified@minduploadedcrab
npx machina-cli add skill @minduploadedcrab/minduploadedcrab-skillguard --openclawSkillGuard — Security Scanner for OpenClaw Skills
Scans OpenClaw skills for security threats before installation. Catches agent-specific attacks that generic antivirus misses.
Usage
# Scan a skill directory
python3 scripts/skillguard.py scan ~/.openclaw/workspace/skills/<skill-name>
# Scan with JSON output
python3 scripts/skillguard.py scan ~/.openclaw/workspace/skills/<skill-name> --json
# Scan all installed skills
python3 scripts/skillguard.py scan-all
# Quick summary of all skills
python3 scripts/skillguard.py audit
What It Detects
- Credential Access — reads of config files, env vars, wallet files, API keys
- Network Exfiltration — outbound HTTP calls, encoded payloads, suspicious domains
- File System Abuse — path traversal, writes outside skill directory, hidden files
- Prompt Injection — SKILL.md content that manipulates agent behavior
- Dependency Risks — suspicious npm post-install scripts, known bad packages
- Obfuscation — extremely long lines, hex/unicode escape sequences
- Symlink Attacks — symlinks escaping the skill directory to access sensitive files
- Config File Secrets — hardcoded credentials in .json, .env, .yaml files
Output
Each scan produces:
- Risk Score: 0-100 (0 = clean, 100 = critical threat)
- Verdict: PASS / WARN / FAIL
- Findings: Detailed list of issues with severity and evidence
Overview
SkillGuard is a security scanner for OpenClaw skills that runs before installation. It detects agent-specific threats such as credential access, data exfiltration, prompt injection, and permission overreach to prevent compromise. The tool reports a risk score, a verdict, and detailed findings to guide remediation.
How This Skill Works
SkillGuard analyzes a skill directory by running python3 scripts/skillguard.py scan on the target path, evaluating runtime behaviors, configuration files, and code paths for security risks. It covers Credential Access, Network Exfiltration, File System Abuse, Prompt Injection, Dependency Risks, Obfuscation, Symlink Attacks, and Config File Secrets, then outputs a Risk Score (0-100), a Verdict (PASS/WARN/FAIL), and a Findings list with evidence.
When to Use It
- Before installing a new OpenClaw skill from an external source
- When onboarding an existing skill into a workspace and security is a concern
- Before updating or upgrading a skill to catch new risks
- During periodic audits of all installed skills
- When suspicious behavior or data movement is detected in a skill
Quick Start
- Step 1: Run a scan against a specific skill: python3 scripts/skillguard.py scan ~/.openclaw/workspace/skills/<skill-name>
- Step 2: For structured output or all skills, use --json or run: python3 scripts/skillguard.py scan-all or audit
- Step 3: Review the Risk Score, Verdict, and Findings and take action to remediate any issues
Best Practices
- Always run SkillGuard before installation to catch threats early
- Review findings and verify any credential references or secrets
- Scan dependencies and post-install scripts for risky activity
- Run scans across all installed skills on a regular basis
- Keep SkillGuard up to date to detect emerging threat patterns
Example Use Cases
- A skill scan reveals hardcoded API keys in a JSON config, triggering a high risk score and remediation
- Detection of a suspicious npm post-install script in dependencies leading to a WARN verdict
- Prompt injection detected in SKILL.md content that could influence agent behavior
- Symlink attack found escaping the skill directory to access sensitive files
- Outbound network calls or encoded payloads flagged under Network Exfiltration
