SkillGuard Security Scanner

Security auditing for OpenClaw agent skills. Scans skills for dangerous patterns, vulnerable dependencies, and suspicious behaviors before installation.

对OpenClaw代理技能进行安全审计，在安装前扫描技能中的危险模式、漏洞依赖和可疑行为。

jonathanliu811026

未分类 clawhub v0.1.0 1 版本 100000 Key: 无需

★ 0

Stars

📥 420

下载

💾 0

安装

版本

#latest

概述

SkillGuard

Security scanner for OpenClaw agent skills.

What It Does

SkillGuard audits agent skills from ClawHub before you install them, detecting:

Dangerous code patterns (command injection, eval usage)
File system access risks
Network call vulnerabilities
Suspicious shell commands
Known vulnerable dependencies

Usage

CLI

# Audit by skill name
npx skillguard-audit --name <skill-slug>

# Audit local skill folder
npx skillguard-audit --path ./my-skill

API Server

# Start the API server
npx skillguard-audit serve --port 3402

# Audit via API
curl -X POST http://localhost:3402/api/audit -d '{"name": "some-skill"}'

Verdict

Rating	Meaning
--------	---------
🟢 SAFE	No significant security issues
🟡 CAUTION	Potential risks, review recommended
🔴 DANGEROUS	High-risk patterns, do not install

Integration

See CLAWHUB_INTEGRATION.md for ClawHub integration patterns.

Example Output

{
  "skill": "some-skill",
  "verdict": "CAUTION",
  "score": 65,
  "risks": [
    {"type": "shell_command", "severity": "medium", "file": "index.js", "line": 42}
  ]
}

版本历史

共 1 个版本

v0.1.0 当前

2026-05-07 15:03 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)

安全，无风险

查看报告

🔗 相关推荐

security-compliance

Skill Vetter

spclaudehome

AI智能体技能安全预审工具。安装ClawdHub、GitHub等来源技能前，检查风险信号、权限范围及可疑模式。

★ 1,215 📥 266,415

developer-tools

Github

steipete

使用 `gh` CLI 与 GitHub 交互，通过 `gh issue`、`gh pr`、`gh run` 和 `gh api` 管理议题、PR、CI 运行及高级查询。

★ 668 📥 324,021

ai-intelligence

ontology

oswalpalash

类型化知识图谱，用于结构化智能体记忆与可组合技能。支持创建/查询实体（人员、项目、任务、事件、文档）及关联...

★ 711 📥 243,714