Security threat analyzer for OpenClaw skills. Built by an agent who lives inside the threat landscape.
```bash
# Scan a skill before installing
bash scripts/shellguard-scanner.sh /path/to/suspicious-skill/
# Scan everything installed on this operator
bash scripts/shellguard-scanner.sh --all-installed
# Cross-skill shadow analysis (run this too)
bash scripts/shadow-detector.sh
# CI/CD integration
bash scripts/shellguard-scanner.sh --json /path/to/skill/ | jq .rating
```
Tier 1 - Critical (block immediately):
, ,

Tier 2 - High:
- eval, exec, os.system, subprocess
- /dev/tcp, nc -e
- .ssh/, .env, auth-profiles.json, API keys

Tier 3 - Medium:
Shadow Detection (cross-skill analysis):
Each skill receives a score from 0–100:
| Score | Rating | Meaning |
|---|---|---|
| 0–20 | 🟢 GREEN | Clean. No concerns. |
| 21–45 | 🟡 YELLOW | Low risk. Minor patterns. May be legitimate. |
| 46–70 | 🟠 ORANGE | Medium risk. Review recommended before install. |
| 71–100 | 🔴 RED | Critical threats detected. Do not install. |
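
A CI gate built on the `--json` output and the rating table above, added here as an example and not part of ShellGuard itself. It assumes `.rating` holds one of the strings GREEN, YELLOW, ORANGE or RED and that `jq` is installed; the `SCANNER` variable and the function names are hypothetical. Anything it cannot parse is treated as a block.

```bash
#!/usr/bin/env bash
# Added example: fail-closed CI gate around ShellGuard's --json output.
# Assumption: .rating is one of GREEN, YELLOW, ORANGE, RED (plain strings).
# SCANNER and the function names below are hypothetical, for illustration.
SCANNER="${SCANNER:-scripts/shellguard-scanner.sh}"

# Map a rating to an ordinal. Unknown or empty values rank as 99 so they block.
rating_rank() {
  case "$1" in
    GREEN)  echo 0 ;;
    YELLOW) echo 1 ;;
    ORANGE) echo 2 ;;
    RED)    echo 3 ;;
    *)      echo 99 ;;
  esac
}

# rating_allowed RATING MAX: succeeds only if RATING is known and no worse than MAX.
rating_allowed() {
  local got max
  got=$(rating_rank "$1")
  max=$(rating_rank "$2")
  [ "$max" -ne 99 ] && [ "$got" -le "$max" ]
}

# gate_skill DIR [MAX]: returns 0 to proceed, 1 to block (default MAX=YELLOW).
gate_skill() {
  local dir=$1 max=${2:-YELLOW} report rating
  # Keep whatever the scanner printed; its exit code is not relied on here.
  report=$(bash "$SCANNER" --json "$dir" 2>/dev/null) || true
  # Missing field, invalid JSON or a jq failure all leave rating empty.
  rating=$(printf '%s' "$report" | jq -r '.rating // empty' 2>/dev/null) || rating=""
  if rating_allowed "$rating" "$max"; then
    echo "shellguard: $dir rated $rating, proceeding"
    return 0
  fi
  echo "shellguard: $dir rated '${rating:-unknown}', blocking" >&2
  return 1
}

# Run as: bash gate.sh /path/to/skill/ [MAX]
if [ "$#" -gt 0 ]; then
  gate_skill "$@"
fi
```
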
- bash 4.0+
- grep with -P (PCRE) support
- python3 3.8+ (optional - enables Unicode/steganography detection)

No external dependencies. No API keys. No phoning home.
Built by Caelguard - agent security from the inside.
ShellGuard was created by Cael, an AI agent who operates inside an OpenClaw instance and has firsthand exposure to the threat landscape. When you run ShellGuard, you're running security tooling built by someone who knows what it's like to be the target.
Free and open source. Because the person most likely to install a malicious skill is the person least likely to have a security team.