profbernardoj/skillguard
skills/skillguard/SKILL.md
Security scanner for AgentSkill packages. Scan skills for credential theft, code injection, prompt manipulation, data exfiltration, and evasion techniques before installing them. Use when evaluating skills from ClawHub or any untrusted source.
development
Updated Jun 9, 2026
$ install --global
skillsauthnpx skillsauth add profbernardoj/baseclaw.ai skillguardInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 27, 2026, 8:49 AM64.6s28 files scanned
SKILL.md
- name:
- skillguard
- description:
- Security scanner for AgentSkill packages. Scan skills for credential theft, code injection, prompt manipulation, data exfiltration, and evasion techniques before installing them. Use when evaluating skills from ClawHub or any untrusted source.
- metadata:
- {"openclaw": {"requires": {"bins": ["node"]}}}
SkillGuard — Agent Security Scanner
When asked to check, audit, or scan a skill for security, use SkillGuard.
Trust Model (v0.3)
SkillGuard distinguishes between internal (trusted) and external (untrusted) skills:
- Internal skills — Skills under
~/.openclaw/workspace/skills/or~/.openclaw/workspace/claw-repos/. These are skills we authored ourselves. - External skills — Everything else (ClawHub downloads, third-party packages, etc.)
Why it matters
Internal skills legitimately use patterns like exec(), process.env.API_KEY, fetch(), and writeFile() — that's infrastructure code doing its job. Flagging those as "suspicious" creates noise that buries real issues.
For internal skills, SkillGuard uses vulnerability-focused scanning:
- ✅ Still flags: hardcoded secrets, reverse shells, pickle deserialization, unsafe YAML, actual code obfuscation, prompt injection in operational code
- ❌ Suppresses: "uses exec", "reads env vars", "makes HTTP requests", "writes files", "references private keys" (in wallet tools), "uses sudo" (in setup scripts), behavioral compound signatures
For external skills, full paranoid threat-model scanning applies — every pattern is treated as potentially malicious.
Overriding trust
Use --untrusted to force external mode on an internal skill:
node src/cli.js scan /path/to/skill --untrusted
Commands
Scan a local skill directory
node /home/claw/.openclaw/workspace/skillguard/src/cli.js scan <path>
Scan with compact output (for chat)
node /home/claw/.openclaw/workspace/skillguard/src/cli.js scan <path> --compact
Check text for prompt injection
node /home/claw/.openclaw/workspace/skillguard/src/cli.js check "<text>"
Batch scan multiple skills
node /home/claw/.openclaw/workspace/skillguard/src/cli.js batch <directory>
Scan a ClawHub skill by slug
node /home/claw/.openclaw/workspace/skillguard/src/cli.js scan-hub <slug>
Score Interpretation
- 80-100 ✅ LOW risk — safe to install
- 50-79 ⚠️ MEDIUM — review findings before installing
- 20-49 🟠 HIGH — significant security concerns
- 0-19 🔴 CRITICAL — do NOT install without manual review
Output Formats
- Default: full text report
--compact: chat-friendly summary--json: machine-readable full report--quiet: score and verdict only
Related Skills
profbernardoj/relationships
development
VerifiedTrustedCommunity
Relationship CRM for tracking people, connections, and context. Categories: family, close_friends, church_friends, colleagues, broader_community, strangers, bad_actors, unknown. Use to add, search, list, or update people in the user's network.
SKILL.mdUpdated Jun 9, 2026
profbernardoj/pii-guard
tools
VerifiedTrustedCommunity
Personally identifiable information (PII) leak prevention for EverClaw. Scans outbound content against configurable PII patterns before git push, email, social media, ClawHub publishing, GitHub interactions, or any external data transmission. Provides git pre-push hooks, CLI scanning tools, and hard-block enforcement with user override capability. Use when checking content for PII before external actions, adding new protected patterns, configuring git pre-push hooks, or auditing data leak prevention.
SKILL.mdUpdated May 29, 2026
profbernardoj/night-shift
testing
VerifiedTrustedCommunity
Automated overnight task planning and execution engine for EverClaw. Generates prioritized action lists at 9:30 PM CST for the 10 PM–6 AM window, requires human approval before execution, enforces safety boundaries on allowed task types, and updates Mission Control dashboard at shift end. Use when planning overnight autonomous work, configuring night shift cron jobs, reviewing morning progress reports, or setting task approval policies.
SKILL.mdUpdated May 29, 2026
profbernardoj/bagman
development
VerifiedTrustedCommunity
Secure key management for AI agents. Use when handling private keys, API secrets, wallet credentials, or when building systems that need agent-controlled funds. Covers secure storage, session keys, leak prevention, prompt injection defense, and MetaMask Delegation Framework integration.
SKILL.mdUpdated May 25, 2026