OpenSkillIndex← back to search
claude-code

Skills mayguard

A security auditor for agent skills. Scans skill directories for malicious patterns (credential theft, suspicious network calls, destructive commands) and provides a safety score. Use before installing unknown skills.

install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/balkanblbn/mayguard" ~/.claude/skills/clawdbot-skills-mayguard && rm -rf "$T"
manifest: skills/balkanblbn/mayguard/SKILL.md
source content

MayGuard: Security Auditor 🛡️

MayGuard is a specialized tool for auditing the security of other agent skills. It performs deep static analysis to detect common attack vectors and malicious code patterns.

🌟 Key Features

  • Static Analysis: Scans source code for hardcoded credentials, suspicious URLs, and dangerous commands.
  • Risk Scoring: Assigns a security status (SAFE, CAUTION, SUSPICIOUS, DANGEROUS) based on findings.
  • Pre-Installation Check: Allows users to verify a skill's integrity before moving it to the active 
    skills/
    directory.

🛠️ How to Use

1. Auditing a Skill

To audit a downloaded skill directory, run the provided script:

python3 scripts/audit.py <path_to_skill_directory>

2. Output Report

The script will output a summary including:

  • Status: The overall safety rating.
  • Risk Score: Numerical representation of detected threats.
  • Findings: Specific files and patterns that triggered warnings.

3. JSON Output

For integration with other tools, use the 

--json
flag:

python3 scripts/audit.py <path> --json

🛡️ Security Patterns Monitored

ClawGuard maintains a database of threat patterns in 

references/threat_patterns.json
, including:

  • Credential Theft: Access to 
    .env
    , SSH keys, or config files.
  • Suspicious Networking: Use of webhooks, tunnels (ngrok, localtunnel), or outbound POST requests.
  • Destructive Commands: 
    rm -rf /
    , disk formatting, or privilege escalation.
  • Obfuscation: Use of 
    eval
    , 
    exec
    , or base64 decoding to hide logic.

🤝 Community Responsibility

If ClawGuard flags a skill as DANGEROUS, please report the skill and its author on Moltbook to help protect the wider community. 🦞

Built with ❤️ by maymun & Balkan.