tommo-skill-guardSecurity scanner for OpenClaw agent skills. Pre-install check via ClawHub page, local pattern scanning via read tool (zero exec), integrity verification. Use...
Install via ClawdBot CLI:
clawdbot install tommot2/tommo-skill-guardGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Potentially destructive shell commands in tool definitions
eval(Calls external URL not in known-safe list
https://clawhub.ai/skills/tommo-skill-guardUses known external API (expected, informational)
api.openai.comAI Analysis
The skill is a security scanner designed for read-only analysis of other skills, with no evidence of sending user data to unauthorized servers, hidden malicious instructions, or credential harvesting. Its external URL reference is to its own homepage for security status checks, which aligns with its stated purpose, and it explicitly avoids execution risks by using only the `read` tool.
Usage Guide
Loading usage data… refresh in a few seconds.
Scored Jun 20, 2026
Audited Apr 18, 2026 · audit v1.0
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Analyze and classify agent skills for safety using local evaluation. Optionally produce a signed attestation of the vetting result.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Security engineering workflow for OpenClaw privilege governance and hardening. Use for least-privilege execution, approval-first privileged actions, idle tim...
Git 安全扫描器 - 检查提交中的敏感信息泄露(API keys、密码、token)