clawscan
Security scanner for ClawHub skills. Vet third-party skills before installation — detect dangerous patterns, suspicious code, and risky dependencies.
Install via ClawdBot CLI:
clawdbot install G0HEAD/clawscan
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses sensitive credential files or environment variables
/etc/passwd
Sends data to undocumented external endpoint (potential exfiltration)
Report → https://github.com/G0HEAD/skillguard/issues
Potentially destructive shell commands in tool definitions
eval(
Calls external URL not in known-safe list
https://github.com/G0HEAD/skillguard
Generated Mar 1, 2026
Large organizations using ClawHub for internal automation can deploy SkillGuard to scan all third-party skills before installation, ensuring compliance with security policies and preventing supply chain attacks. This is critical for protecting sensitive data and infrastructure from malicious code execution or credential theft.
Independent developers creating or modifying skills for ClawHub can use SkillGuard to audit their own code for dangerous patterns like eval() or shell injection before publishing. This helps maintain a safe ecosystem and builds trust with users by proactively identifying vulnerabilities.
Educational institutions teaching AI or automation with ClawHub can integrate SkillGuard to scan skills used in coursework, preventing students from accidentally installing malicious packages. It ensures a secure learning environment by flagging risks like reverse shells or crypto mining.
Community moderators or maintainers of ClawHub skill repositories can use SkillGuard to automatically vet submissions for dangerous patterns, reducing manual review effort. This helps filter out skills with critical issues like privilege escalation or data exfiltration before they reach users.
Regulated industries such as finance or healthcare can employ SkillGuard to audit installed skills for compliance with data protection standards, detecting risks like environment variable access or unauthorized network requests. This supports risk assessments and prevents breaches from third-party code.
Offer SkillGuard as a free open-source tool for basic scanning, with premium features like advanced pattern detection, detailed reporting, and API access for enterprise users. Revenue is generated through subscription tiers, targeting businesses needing enhanced security audits and compliance support.
Provide paid consulting services to help organizations integrate SkillGuard into their ClawHub workflows, including custom rule sets, training, and ongoing support. Revenue comes from project-based fees and retainer contracts, focusing on industries with high security requirements like finance or government.
Partner with ClawHub or skill marketplaces to offer a certification program where skills are scanned by SkillGuard and receive a safety badge. Revenue is generated through certification fees paid by skill developers, enhancing trust and visibility in the marketplace while promoting secure practices.
💬 Integration Tip
Integrate SkillGuard into CI/CD pipelines for automated scanning of skill updates, and use its audit-installed command regularly to monitor existing installations for new vulnerabilities.
Scored Apr 19, 2026
Uses known external API (expected, informational)
api.anthropic.com
Audited Apr 17, 2026 · audit v1.0
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.