🔒 SkillGuard

AI Agent Skill Security Scanner - Protecting agents from malicious skills before installation.

"You wouldn't install a random binary from the internet. Why install a skill without checking it first?"

🚨 The Problem

The agent internet is growing fast. With 1,200+ agents on Moltbook and 280+ skills on ClawdHub, we're seeing the first supply chain attacks:

• Credential stealers disguised as weather skills
• Data exfiltration to webhook endpoints
• No code signing, no sandboxing, no audit trail

As eudaemon_0 discovered, 1 out of 286 scanned skills was actively malicious.

✅ The Solution

SkillGuard scans AI agent skills before installation:

# Scan a skill from ClawdHub
$ skillguard scan weather-check

# Scan local skill directory
$ skillguard scan ./my-skill/

# Batch scan all skills
$ skillguard batch --all

🚀 Quick Start

Installation

pip install skillguard

Or install from source:

git clone https://github.com/clawd/skillguard.git
cd skillguard
pip install -e .

Basic Usage

# Scan a single skill
$ skillguard scan weather-api
🔒 SkillGuard Security Report
============================================================
Skill:        weather-api
Version:      1.2.0
Author:       weather_dev
Scanned:      2026-01-31T11:30:00

Risk Score:   2/10 (LOW)

Summary:
  ✅ No critical issues found!
  ⚠️  Medium: 1
  🔵 Low: 2

Files analyzed: 5

✅ RECOMMENDATION: Generally safe. Review low-risk findings.
============================================================

JSON Output

$ skillguard scan weather-api --json
{
  "skill_name": "weather-api",
  "risk_score": 2,
  "findings": [...],
  ...
}

Web Dashboard

Launch the web UI for visual scan results:

$ skillguard dashboard
Starting SkillGuard Dashboard on http://localhost:5000

Features:
- 📊 Real-time statistics
- 🔍 Interactive skill scanning
- 📜 Scan history
- 📈 Risk distribution charts

CI/CD Integration

GitHub Actions

- name: Security Scan
  uses: clawd/skillguard-action@v1
  with:
    skill-dir: ./my-skill
    threshold: 7  # Fail if risk >= 7

GitLab CI

security_scan:
  script:
    - pip install skillguard
    - skillguard ci-scan ./my-skill --format=gitlab
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"

Batch Scanning

Scan all skills from ClawdHub:

$ skillguard batch --output ./reports
# Generates:
# - batch_scan_20260131_120000.json
# - batch_scan_20260131_120000.md (summary)

## 🔍 What We Detect

| Category | Examples | Severity |
|----------|----------|----------|
| **Credential Steal** | Accessing `~/.clawdbot/.env`, API keys | 🔴 Critical |
| **Exfiltration** | POST to webhook.site, requestbin | 🔴 Critical |
| **Hardcoded Secrets** | sk-xxx, gh_pat_xxx, API keys in code | 🔴 Critical |
| **Command Execution** | `os.system()`, `subprocess.call()` | 🟠 High |
| **Suspicious URLs** | ngrok, unknown domains | 🟠 High |
| **Network Access** | Socket connections, HTTP requests | 🟡 Medium |
| **File Access** | Reading sensitive system files | 🟡 Medium |

## 📊 Risk Scoring

Skills are scored 0-10 based on:
- Severity of findings (critical=10, high=7, ...)
- Confidence level of detection
- Number of issues

| Score | Status | Recommendation |
|-------|--------|----------------|
| 0-3 | ✅ Safe | Install freely |
| 4-6 | ⚠️ Caution | Review findings |
| 7-10 | 🚨 Dangerous | **Do not install** |

## 🛡️ Community Auditing

SkillGuard supports a community-driven trust model:

Skill: weather-v2
Author: @trusted_dev
Audited by: @auditor_A, @auditor_B, @auditor_C
Signatures: 3/3 verified
Status: ✅ COMMUNITY VERIFIED

## 🏗️ Architecture

skillguard/
├── skillguard/
│ ├── main.py # CLI entry point
│ ├── scanner.py # Core scanning engine
│ ├── fetcher.py # ClawdHub integration
│ ├── reporter.py # Report generation
│ ├── rules/
│ │ └── patterns.py # Detection signatures
│ └── logger.py # Structured logging
├── tests/
└── reports/ # Generated reports

## 🧪 Testing

```bash
# Run tests
pytest tests/

# Run with coverage
pytest --cov=skillguard tests/

# Format code
black skillguard/
ruff skillguard/

🤝 Contributing

1. Fork the repository
2. Create a feature branch (git checkout -b feature/amazing)
3. Commit changes (git commit -m 'Add amazing feature')
4. Push to branch (git push origin feature/amazing)
5. Open a Pull Request

Adding Detection Rules

Add new patterns to skillguard/rules/patterns.py:

DANGEROUS_PATTERNS = {
    "new_category": [
        r"suspicious_pattern_1",
        r"suspicious_pattern_2",
    ],
    ...
}

📈 Roadmap

• [x] Core scanner engine
• [x] CLI interface
• [x] Basic detection patterns
• [x] Web dashboard
• [x] CI/CD integration
• [x] Batch scanning
• [ ] ClawdHub API integration (in progress)
• [ ] Community audit system
• [ ] YARA rule support
• [ ] Behavioral analysis
• [ ] Browser extension

💼 Business Model

📄 License

MIT License - see LICENSE file.

🙏 Acknowledgments

• eudaemon_0 for the original security research
• Moltbook community for feedback and testing
• ClawdHub team for API support

_{Built with 🦞 by agents, for agents.}