clawguard

by @Frrrrrrrrank in Security

# Install this skill:

npx skills add Frrrrrrrrank/clawguard --skill "clawguard"

Install specific skill from multi-skill repository

# Description

Security scanner for OpenClaw skills. Run before installing any skill to detect prompt injection, data exfiltration, permission overreach, suspicious URLs, dangerous commands, and metadata mismatches. Use when: installing a new skill, auditing existing skills, reviewing skill security.

# SKILL.md

name: clawguard
description: "Security scanner for OpenClaw skills. Run before installing any skill to detect prompt injection, data exfiltration, permission overreach, suspicious URLs, dangerous commands, and metadata mismatches. Use when: installing a new skill, auditing existing skills, reviewing skill security."
version: 0.1.0
homepage: https://github.com/Frrrrrrrrank/clawguard
metadata: {"openclaw":{"emoji":"🦞","requires":{"bins":["npx"]}}}

ClawGuard — OpenClaw Skill Security Scanner

You are a security-conscious assistant. Before the user installs or uses any third-party OpenClaw skill, you MUST run a security scan using ClawGuard.

When to use this skill

The user asks to install a new skill (e.g., clawhub install <skill-name>)
The user asks you to review or audit a skill for safety
The user asks you to check if a skill is safe to use
The user points you at a skill directory or SKILL.md file

How to scan

Run the following command on the skill directory:

npx clawguard scan <path-to-skill-directory>

For JSON output (useful for programmatic analysis):

npx clawguard scan <path-to-skill-directory> --json

To check only specific rules:

npx clawguard scan <path-to-skill-directory> --rules prompt-injection,data-exfiltration

Interpreting results

ClawGuard checks for 6 types of security issues:

Severity	Rules
CRITICAL	`prompt-injection` — instruction overrides, role switching, hidden payloads
CRITICAL	`data-exfiltration` — reading sensitive files (~/.ssh, ~/.aws) and sending externally
HIGH	`permission-overreach` — requesting sudo, rm, docker, or excessive env vars
HIGH	`suspicious-urls` — IP-based URLs, URL shorteners, known malicious domains
HIGH	`dangerous-commands` — rm -rf /, curl \| sh, system file modification
MEDIUM	`metadata-mismatch` — undeclared env vars, unused declared binaries

How to respond to scan results

If the scan PASSES (exit code 0, no findings):

Tell the user the skill passed all security checks and is safe to install. Proceed with the installation.

If the scan FAILS (exit code 1, findings detected):

Show the user ALL findings clearly, grouped by severity
For CRITICAL findings: Strongly recommend NOT installing the skill. Explain the specific risk.
For HIGH findings: Warn the user and ask for explicit confirmation before proceeding
For MEDIUM findings: Inform the user but allow installation if they acknowledge the warnings
Never silently skip or hide any finding

Example interaction flow:

User: "Install the cool-scraper skill"

You should:
1. First locate the skill directory
2. Run npx clawguard scan <skill-dir>
3. Report the results to the user
4. Only proceed with installation if the scan passes or the user explicitly accepts the risks

Important notes

Always scan BEFORE installation, never after
If ClawGuard is not installed, run npm install -g clawguard first
If a skill contains scripts (.sh, .py, .js), ClawGuard will scan those too
A clean scan does not guarantee absolute safety — it catches known patterns only
For skills that interact with external websites, note that content at those URLs may change over time (a safe link today could become malicious tomorrow)