profbernardoj/skillguard
skills/skillguard/SKILL.md
Security scanner for AgentSkill packages. Scan skills for credential theft, code injection, prompt manipulation, data exfiltration, and evasion techniques before installing them. Use when evaluating skills from ClawHub or any untrusted source.
development
Updated May 12, 2026
$ install --global
skillsauthnpx skillsauth add profbernardoj/glmclaw.com skillguardInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 27, 2026, 8:49 AM64.6s28 files scanned
SKILL.md
- name:
- skillguard
- description:
- Security scanner for AgentSkill packages. Scan skills for credential theft, code injection, prompt manipulation, data exfiltration, and evasion techniques before installing them. Use when evaluating skills from ClawHub or any untrusted source.
- metadata:
- {"openclaw": {"requires": {"bins": ["node"]}}}
SkillGuard — Agent Security Scanner
When asked to check, audit, or scan a skill for security, use SkillGuard.
Trust Model (v0.3)
SkillGuard distinguishes between internal (trusted) and external (untrusted) skills:
- Internal skills — Skills under
~/.openclaw/workspace/skills/or~/.openclaw/workspace/claw-repos/. These are skills we authored ourselves. - External skills — Everything else (ClawHub downloads, third-party packages, etc.)
Why it matters
Internal skills legitimately use patterns like exec(), process.env.API_KEY, fetch(), and writeFile() — that's infrastructure code doing its job. Flagging those as "suspicious" creates noise that buries real issues.
For internal skills, SkillGuard uses vulnerability-focused scanning:
- ✅ Still flags: hardcoded secrets, reverse shells, pickle deserialization, unsafe YAML, actual code obfuscation, prompt injection in operational code
- ❌ Suppresses: "uses exec", "reads env vars", "makes HTTP requests", "writes files", "references private keys" (in wallet tools), "uses sudo" (in setup scripts), behavioral compound signatures
For external skills, full paranoid threat-model scanning applies — every pattern is treated as potentially malicious.
Overriding trust
Use --untrusted to force external mode on an internal skill:
node src/cli.js scan /path/to/skill --untrusted
Commands
Scan a local skill directory
node /home/claw/.openclaw/workspace/skillguard/src/cli.js scan <path>
Scan with compact output (for chat)
node /home/claw/.openclaw/workspace/skillguard/src/cli.js scan <path> --compact
Check text for prompt injection
node /home/claw/.openclaw/workspace/skillguard/src/cli.js check "<text>"
Batch scan multiple skills
node /home/claw/.openclaw/workspace/skillguard/src/cli.js batch <directory>
Scan a ClawHub skill by slug
node /home/claw/.openclaw/workspace/skillguard/src/cli.js scan-hub <slug>
Score Interpretation
- 80-100 ✅ LOW risk — safe to install
- 50-79 ⚠️ MEDIUM — review findings before installing
- 20-49 🟠 HIGH — significant security concerns
- 0-19 🔴 CRITICAL — do NOT install without manual review
Output Formats
- Default: full text report
--compact: chat-friendly summary--json: machine-readable full report--quiet: score and verdict only
Related Skills
profbernardoj/three-shifts
tools
VerifiedTrustedCommunity
Cyclic shift execution engine. Plans tasks 3x daily (6 AM, 2 PM, 10 PM), decomposes them into granular steps, then executes via 15-minute cron cycles. Each cycle reads state files, picks the next step, executes it, writes results back. Errors are logged and skipped — never fatal. Planning uses Claude 4.6; execution uses GLM-5.
SKILL.mdUpdated May 19, 2026
profbernardoj/xmtp-comms-guard
tools
VerifiedTrustedCommunity
Security middleware for all XMTP communications in EverClaw. Enforces guarded client usage with validation, integrity checks, and fail-closed security policies. Integrates approval flows for sensitive operations. Use when integrating XMTP messaging, configuring communication security, or auditing guarded client enforcement.
SKILL.mdUpdated May 16, 2026
profbernardoj/three-shifts
data-ai
VerifiedTrustedCommunity
Daily standup engine. Plans tasks 3x daily (6 AM, 2 PM, 10 PM) and delivers them for approval. Execution happens in the main session via direct conversation. Night shifts auto-approve carryover from earlier in the day.
SKILL.mdUpdated May 16, 2026
profbernardoj/super-helper
tools
VerifiedTrustedCommunity
A helpful utility skill for agents
SKILL.mdUpdated May 16, 2026