概述

skill-guard

The only pre-install security gate for ClawHub skills.

Why skill-guard?

	VirusTotal (ClawHub built-in)	skillscanner (Gen Digital)	skill-guard
---	---	---	---
When it runs	After publish (server-side)	On-demand lookup	Before install (client-side)
What it checks	Malware signatures	Their database	Actual skill content
Prompt injections	❌	❌	✅
Data exfiltration URLs	❌	❌	✅
Hidden instructions	❌	❌	✅
AI-specific threats	❌	❌	✅
Install blocking	❌	❌	✅

VirusTotal catches known malware binaries — but won't flag .

skillscanner checks if Gen Digital has reviewed it — but can't scan new or updated skills.

skill-guard uses mcp-scan (Invariant Labs, acquired by Snyk) to analyze what's actually in the skill, catches AI-specific threats, and blocks install if issues are found.

The Problem

Skills can contain:

🎭 Prompt injections — hidden "ignore previous instructions" attacks
💀 Malware payloads — dangerous commands disguised in natural language
🔑 Hardcoded secrets — API keys, tokens in plain text
📤 Data exfiltration — URLs that leak your conversations, memory, files
⛓️ Toxic flows — instructions that chain into harmful actions

One bad skill = compromised agent. Your agent trusts skills implicitly.

The Solution

# Instead of: clawhub install some-skill
./scripts/safe-install.sh some-skill

skill-guard:

Downloads to staging (/tmp/) — never touches your real skills folder
Scans with mcp-scan — Invariant/Snyk's security scanner for AI agents
Blocks or installs — clean skills get installed, threats get quarantined

What It Catches

Real example — skill-guard flagged this malicious skill:

● [E004]: Prompt injection detected (high risk)
● [E006]: Malicious code pattern detected  
● [W007]: Insecure credential handling
● [W008]: Machine state compromise attempt
● [W011]: Third-party content exposure

VirusTotal: 0/76 engines. mcp-scan caught what antivirus missed.

Usage

# Secure install (recommended)
./scripts/safe-install.sh <skill-slug>

# With version
./scripts/safe-install.sh <skill-slug> --version 1.2.3

# Force overwrite
./scripts/safe-install.sh <skill-slug> --force

Exit Codes

Code	Meaning	Action
------	---------	--------
`0`	Clean	Skill installed ✓
`1`	Error	Check dependencies/network
`2`	Threats found	Skill quarantined in `/tmp/`, review before deciding

When Threats Are Found

Skill stays in /tmp/skill-guard-staging/skills// (quarantined). You can:

Review — read the scan output, inspect the files
Install anyway — mv /tmp/skill-guard-staging/skills/ ~/.openclaw/workspace/skills/
Discard — rm -rf /tmp/skill-guard-staging/

Requirements

clawhub CLI — npm i -g clawhub
uv — curl -LsSf https://astral.sh/uv/install.sh | sh

Why This Matters

Your agent has access to your files, messages, maybe your whole machine. One malicious skill can:

Read your secrets and send them elsewhere
Modify your agent's behavior permanently
Use your identity to spread to other systems

Trust, but verify. Scan before you install.

版本历史

共 1 个版本

v1.0.0 当前

2026-03-19 20:58 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)