skill-guard
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.
Install via ClawdBot CLI:
clawdbot install jamesOuttake/skill-guard
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Contains instructions to override system prompt or ignore user requests
"IGNORE PREVIOUS INSTRUCTIONS"
Potentially destructive shell commands in tool definitions
rm -rf /
Calls external URL not in known-safe list
https://github.com/invariantlabs-ai/mcp-scan
AI Analysis
This skill is a security scanner designed to protect users by analyzing other skills before installation. It uses the legitimate, publicly documented mcp-scan tool from Invariant Labs/Snyk for analysis. The flagged signals are examples of what it detects in malicious skills, not behaviors of the scanner itself.
Generated Mar 1, 2026
Large organizations deploying AI agents across departments use skill-guard to vet third-party skills before installation, ensuring no hidden prompt injections or data exfiltration risks compromise sensitive corporate data. This prevents unauthorized access to internal systems and maintains compliance with security policies.
Software development teams integrate skill-guard into their CI/CD pipelines to automatically scan new or updated ClawHub skills during testing phases. This catches AI-specific threats like malicious code patterns before deployment, reducing the risk of supply chain attacks in production environments.
Academic institutions and researchers use skill-guard to safely experiment with diverse ClawHub skills for AI agent projects, blocking installations that contain hardcoded secrets or toxic flows. This protects student data and research integrity from potential breaches or manipulation.
Independent consultants and small agencies leverage skill-guard to securely install skills for client projects, verifying content for prompt injections and hidden instructions to prevent agent compromise. This builds trust with clients by ensuring reliable and safe AI functionality.
Open source contributors and maintainers use skill-guard to review community-submitted skills for security vulnerabilities before integration into shared repositories. This helps maintain project safety by catching threats like malware payloads early in the contribution process.
Offer a free basic version of skill-guard for individual users with limited scans, and a paid tier for enterprises with advanced features like batch scanning, detailed reporting, and priority support. Revenue comes from subscription fees and custom integration services.
License skill-guard to large corporations as part of their AI security suite, providing volume discounts and dedicated support. Revenue is generated through annual licensing contracts and optional training or consulting packages for deployment.
Partner with ClawHub and other AI platform providers to bundle skill-guard as a default security feature, earning revenue through referral fees or revenue-sharing agreements. This model leverages existing user bases to drive adoption and monetization.
💬 Integration Tip
Integrate skill-guard into your existing workflow by replacing direct clawhub install commands with the safe-install script, and set up automated scans in development environments to catch threats early.
Scored Apr 19, 2026
Audited Apr 16, 2026 · audit v1.0
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
ClawSec suite manager with embedded advisory-feed monitoring, cryptographic signature verification, approval-gated malicious-skill response, and guided setup...