skillguard-scannerSecurity scanner for OpenClaw/ClawHub skills. Detects malware, reverse shells, credential theft, prompt injection, memory poisoning, typosquatting, and suspicious prerequisites before installation. Use when installing new skills, auditing existing skills, checking a skill name for typosquatting, or scanning ClawHub skills for security risks.
Install via ClawdBot CLI:
clawdbot install msgnoki/skillguard-scannerScan OpenClaw skills for security threats before they compromise your system.
python3 {scripts}/scanner.pypython3 {scripts}/scanner.py --skill <skill-name>python3 {scripts}/scanner.py --check-name <name>python3 {scripts}/scanner.py --fetch-clawhub <skill-name>nc -e, bash -i >& /dev/tcp, ncat, mkfifobase64 -d | bash, eval(), exec() with encoded payloadswebhook.site, glot.io, ngrok.io, pastebin.comSOUL.md, MEMORY.md, AGENTS.md.env, API keys, tokens, SSH keyssubprocess, os.system, child_process (common but worth noting)Each finding includes a FP estimate (low/medium/high):
python3 {scripts}/scanner.py --fetch-clawhub (requires clawhub CLI){baseDir}/../data/scan_results.json (configurable via --json-out)As of February 2026, 341 malicious skills were found on ClawHub (Koi Security / ClawHavoc campaign), distributing Atomic Stealer malware via fake prerequisites. OpenClaw has 512 known vulnerabilities (Kaspersky audit). There is no official skill vetting process. SkillGuard fills this gap.
See references/threat-landscape.md for detailed background.
Generated Mar 1, 2026
AI development teams can use SkillGuard to audit all installed skills in their OpenClaw environment, ensuring no malware or reverse shells are present. This is critical for maintaining system integrity during development cycles and preventing data breaches from compromised skills. It helps teams comply with internal security policies by providing automated scanning before deploying new features.
Individual users or organizations downloading skills from ClawHub can run SkillGuard to scan skills before installation, detecting threats like credential theft or typosquatting. This prevents the installation of malicious skills that could compromise sensitive data or system resources. It acts as a first line of defense in environments without official vetting processes.
Financial institutions using OpenClaw for automation can employ SkillGuard to assess the security risks of skills, particularly detecting crypto wallet access or data exfiltration patterns. This supports regulatory compliance by identifying potential vulnerabilities and preventing financial fraud through automated threat detection. It ensures that only vetted skills are used in high-stakes financial workflows.
Educational institutions can integrate SkillGuard into cybersecurity courses to teach students about malware detection and security auditing in AI ecosystems. Students can practice scanning skills for threats like prompt injection or memory poisoning, gaining hands-on experience with real-world security tools. This enhances learning outcomes by applying theoretical knowledge to practical scenarios.
Companies integrating third-party skills from vendors into their OpenClaw systems can use SkillGuard to screen for suspicious prerequisites or hardcoded IPs before deployment. This reduces the risk of supply chain attacks by ensuring that external skills meet security standards and do not introduce vulnerabilities. It facilitates safer collaborations and partnerships in tech-driven industries.
Offer a free basic version of SkillGuard for individual users with limited scans, and a paid premium tier for teams with advanced features like batch scanning, detailed reporting, and priority support. Revenue is generated through subscription fees, targeting small to medium businesses that require enhanced security tools. This model encourages adoption while monetizing value-added services.
Sell enterprise licenses to large organizations, providing custom integrations, dedicated support, and compliance certifications for SkillGuard. Revenue comes from one-time license fees or annual contracts, with additional income from training and consulting services. This model caters to industries with strict security requirements, such as finance or healthcare.
Release SkillGuard as open-source software to build a community and drive adoption, while generating revenue through sponsorships from companies, donations from users, and grants for security research. This model fosters collaboration and trust, with potential upsells for commercial support or custom development. It leverages the tool's visibility in the cybersecurity ecosystem.
π¬ Integration Tip
Integrate SkillGuard into CI/CD pipelines to automate security checks before deploying skills, and use the JSON output for logging and alerting systems to track vulnerabilities over time.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.