Awesome-openclaw-skills skillguard
Security scanner for AgentSkill packages. Scan skills for credential theft, code injection, prompt manipulation, data exfiltration, and evasion techniques before installing them. Use when evaluating skills from ClawHub or any untrusted source.
install
source · Clone the upstream repo
git clone https://github.com/sundial-org/awesome-openclaw-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/sundial-org/awesome-openclaw-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/skillguard" ~/.claude/skills/sundial-org-awesome-openclaw-skills-skillguard && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/sundial-org/awesome-openclaw-skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/skillguard" ~/.openclaw/skills/sundial-org-awesome-openclaw-skills-skillguard && rm -rf "$T"
manifest:
skills/skillguard/SKILL.mdsource content
SkillGuard — Agent Security Scanner
When asked to check, audit, or scan a skill for security, use SkillGuard.
Commands
Scan a local skill directory
node /home/claw/.openclaw/workspace/skillguard/src/cli.js scan <path>
Scan with compact output (for chat)
node /home/claw/.openclaw/workspace/skillguard/src/cli.js scan <path> --compact
Check text for prompt injection
node /home/claw/.openclaw/workspace/skillguard/src/cli.js check "<text>"
Batch scan multiple skills
node /home/claw/.openclaw/workspace/skillguard/src/cli.js batch <directory>
Scan a ClawHub skill by slug
node /home/claw/.openclaw/workspace/skillguard/src/cli.js scan-hub <slug>
Score Interpretation
- 80-100 ✅ LOW risk — safe to install
- 50-79 ⚠️ MEDIUM — review findings before installing
- 20-49 🟠 HIGH — significant security concerns
- 0-19 🔴 CRITICAL — do NOT install without manual review
Output Formats
- Default: full text report
: chat-friendly summary--compact
: machine-readable full report--json
: score and verdict only--quiet