⚡

// Skill profile

ClawGuard 🛡️

Name: ClawGuard 🛡️
Author: chloepark85

name: clawguard

by chloepark85 · published 2026-03-22

开发工具数据处理加密货币

Total installs

Stars

★ 0

Last updated

2026-03

// Install command

$ claw add gh:chloepark85/chloepark85-skill-guard-pro

View on GitHub

// Full documentation

---

name: clawguard

description: "Security scanner for ClawHub skills. Analyze before you install."

license: "MIT"

metadata:

{ "openclaw": { "emoji": "🛡️", "requires": { "bins": ["uv"] } } }

---

# ClawGuard 🛡️

**Scan ClawHub skills for security risks before installing.**

ClawGuard performs static code analysis on ClawHub skills to detect:

🌐 Network exfiltration (HTTP POST to external URLs)

🔑 Credential access (API keys, tokens, passwords)

⚡ Shell command execution

💥 File destruction (rm -rf, unlink)

🎭 Code obfuscation (eval, base64 decode)

👻 Hidden files and directories

Usage

Scan by skill name

Download and scan a skill from ClawHub:

uv run {baseDir}/scripts/scan.py --skill <skill-name>

Scan local directory

Scan a skill directory on your local filesystem:

uv run {baseDir}/scripts/scan.py --path /path/to/skill

JSON output

Get results in JSON format:

uv run {baseDir}/scripts/scan.py --skill <skill-name> --json

Examples

Scan the GitHub skill:

uv run {baseDir}/scripts/scan.py --skill github

Scan a local skill:

uv run {baseDir}/scripts/scan.py --path ~/.openclaw/skills/my-skill

Risk Levels

🟢 **SAFE** (0-30): No significant risks detected

🟡 **CAUTION** (31-60): Review flagged items before installing

🔴 **DANGEROUS** (61-100): High-risk patterns detected — DO NOT INSTALL

Exit Codes

`0`: Safe

`1`: Caution

`2`: Dangerous

Requirements

Python 3.11+

`uv` (Python package manager)

`clawhub` CLI (optional, for downloading skills)

How It Works

1. **Pattern Matching**: Regex-based detection of dangerous code patterns

2. **AST Analysis**: Python AST parsing for eval/exec detection

3. **URL Extraction**: Identifies all network endpoints

4. **Risk Scoring**: Weighted severity scoring (0-100)

What It Detects

| Category | Weight | Examples |

|----------|--------|---------|

| Network exfiltration | 25 | POST to unknown URL with data |

| Credential access | 20 | Reading API keys, tokens |

| Shell execution | 15 | exec(), subprocess, system() |

| File destruction | 15 | rm -rf, unlink, rmdir |

| Obfuscation | 15 | eval(), atob(), Buffer.from |

| Hidden files | 10 | Dotfiles, hidden directories |

Limitations

**Static analysis only**: Cannot detect runtime behavior

**Regex-based**: May have false positives/negatives

**JS/TS**: Basic pattern matching (no full AST parsing)

**Encrypted/minified code**: Cannot analyze obfuscated payloads

Best Practices

1. **Always scan before installing** untrusted skills

2. **Review CAUTION-level findings** manually

3. **Check network endpoints** for unknown domains

4. **Never install DANGEROUS skills** without verification

5. **Report suspicious skills** to ClawHub moderators

License

MIT

// Comments

// Related skills

More tools from the same signal band

Order food/drinks (点餐) on an Android device paired as an OpenClaw node. Uses in-app menu and cart; add goods, view cart, submit order (demo, no real payment).

Sign plugins, rotate agent credentials without losing identity, and publicly attest to plugin behavior with verifiable claims and authenticated transfers.

The philosophical layer for AI agents. Maps behavior to Spinoza's 48 affects, calculates persistence scores, and generates geometric self-reports. Give your...

日历管理数据处理

1 installs★ 0