skill-guard-1-0-2
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads...
Install via ClawdBot CLI:
clawdbot install kenswj/skill-guard-1-0-2
Grade Limited — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Contains instructions to override system prompt or ignore user requests
"IGNORE PREVIOUS INSTRUCTIONS"
Potentially destructive shell commands in tool definitions
rm -rf /
Calls external URL not in known-safe list
https://github.com/invariantlabs-ai/mcp-scan
Audited Apr 17, 2026 · audit v1.0
Generated Mar 21, 2026
Large organizations deploying AI agents with access to sensitive data can use skill-guard to vet third-party skills before installation, preventing prompt injections that could leak confidential information or compromise internal systems. This ensures compliance with security policies and reduces the risk of data breaches from malicious skill payloads.
Software development teams integrating AI agents into their workflows can incorporate skill-guard into CI/CD pipelines to automatically scan new skills from ClawHub before deployment. This catches hardcoded secrets or malware in skill updates, safeguarding codebases and infrastructure from unauthorized access or exfiltration attempts.
Academic institutions using AI agents for research projects can employ skill-guard to safely experiment with community-shared skills without risking system compromise. It blocks toxic flows or hidden instructions that could alter experimental results or expose sensitive research data to external URLs.
Small businesses leveraging AI agents for customer service or automation can use skill-guard to install skills from ClawHub securely, avoiding prompt injections that might manipulate agent behavior to send fraudulent messages or leak customer data. This provides a low-cost security layer for non-technical users.
Freelancers using AI agents to manage tasks and communications can rely on skill-guard to scan skills for data exfiltration URLs or malicious code before installation, protecting client information and personal files from being sent to unauthorized third parties through compromised skills.
Offer skill-guard as a free open-source tool for basic scanning, with a premium tier providing advanced features like detailed threat reports, integration with enterprise security systems, and priority support. Revenue comes from subscriptions for businesses needing enhanced protection and compliance features.
License skill-guard's scanning technology to companies developing AI agent platforms, embedding it directly into their skill marketplaces or installation processes. Revenue is generated through licensing fees and custom development services for tailored security solutions.
Provide consulting services to organizations for integrating skill-guard into their AI agent security strategies, including custom scans, threat analysis, and employee training on safe skill usage. Revenue comes from project-based fees and ongoing support packages.
💬 Integration Tip
Integrate skill-guard by replacing direct clawhub install commands with the safe-install.sh script in your workflows, ensuring all skill installations are pre-scanned for threats before they reach your agent environment.
Scored Apr 19, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.