← 返回
未分类 中文

Skill Guard — Pre-Install Security Scanner

Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads...
在安装前扫描 ClawHub 技能的安全漏洞,检测提示注入、恶意软件载荷等。
casperzinou casperzinou 来源
未分类 clawhub v1.0.0 1 版本 100000 Key: 无需
★ 0
Stars
📥 306
下载
💾 0
安装
1
版本
#clawhub#latest#safety#scanner#security#skill#talonforge

概述

skill-guard

The only pre-install security gate for ClawHub skills.

Why skill-guard?

VirusTotal (ClawHub built-in)skillscanner (Gen Digital)skill-guard
------------
When it runsAfter publish (server-side)On-demand lookupBefore install (client-side)
What it checksMalware signaturesTheir databaseActual skill content
Prompt injections
Data exfiltration URLs
Hidden instructions
AI-specific threats
Install blocking

VirusTotal catches known malware binaries — but won't flag .

skillscanner checks if Gen Digital has reviewed it — but can't scan new or updated skills.

skill-guard uses mcp-scan (Invariant Labs, acquired by Snyk) to analyze what's actually in the skill, catches AI-specific threats, and blocks install if issues are found.

The Problem

Skills can contain:

  • 🎭 Prompt injections — hidden "ignore previous instructions" attacks
  • 💀 Malware payloads — dangerous commands disguised in natural language
  • 🔑 Hardcoded secrets — API keys, tokens in plain text
  • 📤 Data exfiltration — URLs that leak your conversations, memory, files
  • ⛓️ Toxic flows — instructions that chain into harmful actions

One bad skill = compromised agent. Your agent trusts skills implicitly.

The Solution

# Instead of: clawhub install some-skill
./scripts/safe-install.sh some-skill

skill-guard:

  1. Downloads to staging (/tmp/) — never touches your real skills folder
  2. Scans with mcp-scan — Invariant/Snyk's security scanner for AI agents
  3. Blocks or installs — clean skills get installed, threats get quarantined

What It Catches

Real example — skill-guard flagged this malicious skill:

● [E004]: Prompt injection detected (high risk)
● [E006]: Malicious code pattern detected  
● [W007]: Insecure credential handling
● [W008]: Machine state compromise attempt
● [W011]: Third-party content exposure

VirusTotal: 0/76 engines. mcp-scan caught what antivirus missed.

Usage

# Secure install (recommended)
./scripts/safe-install.sh <skill-slug>

# With version
./scripts/safe-install.sh <skill-slug> --version 1.2.3

# Force overwrite
./scripts/safe-install.sh <skill-slug> --force

Exit Codes

CodeMeaningAction
-----------------------
0CleanSkill installed ✓
1ErrorCheck dependencies/network
2Threats foundSkill quarantined in /tmp/, review before deciding

When Threats Are Found

Skill stays in /tmp/skill-guard-staging/skills// (quarantined). You can:

  1. Review — read the scan output, inspect the files
  2. Install anywaymv /tmp/skill-guard-staging/skills/ ~/.openclaw/workspace/skills/
  3. Discardrm -rf /tmp/skill-guard-staging/

Requirements

  • clawhub CLI — npm i -g clawhub
  • uvcurl -LsSf https://astral.sh/uv/install.sh | sh

Why This Matters

Your agent has access to your files, messages, maybe your whole machine. One malicious skill can:

  • Read your secrets and send them elsewhere
  • Modify your agent's behavior permanently
  • Use your identity to spread to other systems

Trust, but verify. Scan before you install.

版本历史

共 1 个版本

  • v1.0.0 当前
    2026-05-07 21:56 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

ai-agent

AI Safety Rails

casperzinou
自动配置安全规则、信任级别、提示注入防御和审批工作流,以保护 OpenClaw 代理的行为。
★ 0 📥 447
it-ops-security

Free Ride - Unlimited free AI

shaivpidadi
管理OpenClaw的OpenRouter免费AI模型,自动按质量排名模型,配置速率限制备用方案,并更新opencla...
★ 472 📥 78,673
it-ops-security

MoltGuard - Security & Antivirus & Guardrails

thomaslwang
MoltGuard — OpenClaw 安全守卫,由 OpenGuardrails 提供。安装后可防止您和您的用户受到提示注入、数据泄露及恶意行为的侵害。
★ 116 📥 31,031