🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

Skill Guard 1.0.2

by @kenswj

Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads...

Versionv1.0.0
Downloads645
Installs1
TERMINAL
clawhub install skill-guard-1-0-2

πŸ“– About This Skill


name: skill-guard description: Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.

skill-guard

The only pre-install security gate for ClawHub skills.

Why skill-guard?

| | VirusTotal (ClawHub built-in) | skillscanner (Gen Digital) | skill-guard | |---|---|---|---| | When it runs | After publish (server-side) | On-demand lookup | Before install (client-side) | | What it checks | Malware signatures | Their database | Actual skill content | | Prompt injections | ❌ | ❌ | βœ… | | Data exfiltration URLs | ❌ | ❌ | βœ… | | Hidden instructions | ❌ | ❌ | βœ… | | AI-specific threats | ❌ | ❌ | βœ… | | Install blocking | ❌ | ❌ | βœ… |

VirusTotal catches known malware binaries β€” but won't flag .

skillscanner checks if Gen Digital has reviewed it β€” but can't scan new or updated skills.

skill-guard uses mcp-scan (Invariant Labs, acquired by Snyk) to analyze what's actually in the skill, catches AI-specific threats, and blocks install if issues are found.

The Problem

Skills can contain:

  • 🎭 Prompt injections β€” hidden "ignore previous instructions" attacks
  • πŸ’€ Malware payloads β€” dangerous commands disguised in natural language
  • πŸ”‘ Hardcoded secrets β€” API keys, tokens in plain text
  • πŸ“€ Data exfiltration β€” URLs that leak your conversations, memory, files
  • ⛓️ Toxic flows β€” instructions that chain into harmful actions
  • One bad skill = compromised agent. Your agent trusts skills implicitly.

    The Solution

    # Instead of: clawhub install some-skill
    ./scripts/safe-install.sh some-skill
    

    skill-guard: 1. Downloads to staging (/tmp/) β€” never touches your real skills folder 2. Scans with mcp-scan β€” Invariant/Snyk's security scanner for AI agents 3. Blocks or installs β€” clean skills get installed, threats get quarantined

    What It Catches

    Real example β€” skill-guard flagged this malicious skill:

    ● [E004]: Prompt injection detected (high risk)
    ● [E006]: Malicious code pattern detected  
    ● [W007]: Insecure credential handling
    ● [W008]: Machine state compromise attempt
    ● [W011]: Third-party content exposure
    

    VirusTotal: 0/76 engines. mcp-scan caught what antivirus missed.

    Usage

    # Secure install (recommended)
    ./scripts/safe-install.sh 

    With version

    ./scripts/safe-install.sh --version 1.2.3

    Force overwrite

    ./scripts/safe-install.sh --force

    Exit Codes

    | Code | Meaning | Action | |------|---------|--------| | 0 | Clean | Skill installed βœ“ | | 1 | Error | Check dependencies/network | | 2 | Threats found | Skill quarantined in /tmp/, review before deciding |

    When Threats Are Found

    Skill stays in /tmp/skill-guard-staging/skills// (quarantined). You can: 1. Review β€” read the scan output, inspect the files 2. Install anyway β€” mv /tmp/skill-guard-staging/skills/ ~/.openclaw/workspace/skills/ 3. Discard β€” rm -rf /tmp/skill-guard-staging/

    Requirements

  • clawhub CLI β€” npm i -g clawhub
  • uv β€” curl -LsSf https://astral.sh/uv/install.sh | sh
  • Why This Matters

    Your agent has access to your files, messages, maybe your whole machine. One malicious skill can:

  • Read your secrets and send them elsewhere
  • Modify your agent's behavior permanently
  • Use your identity to spread to other systems
  • Trust, but verify. Scan before you install.

    πŸ’‘ Examples

    # Secure install (recommended)
    ./scripts/safe-install.sh 

    With version

    ./scripts/safe-install.sh --version 1.2.3

    Force overwrite

    ./scripts/safe-install.sh --force