From sundial-org-awesome-openclaw-skills-4
Scans AgentSkill packages for credential theft, code injection, prompt manipulation, data exfiltration, and evasion techniques. Use when evaluating skills from ClawHub or any untrusted source.
How this skill is triggered — by the user, by Claude, or both
Slash command
/sundial-org-awesome-openclaw-skills-4:skillguardThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
When asked to check, audit, or scan a skill for security, use SkillGuard.
README.mdRED-TEAM-NOTES.mdpackage.jsonrules/dangerous-patterns.jsonsrc/ast-analyzer.jssrc/clawhub.jssrc/cli.jssrc/index.jssrc/prompt-analyzer.jssrc/reporter.jssrc/scanner.jstest-fixtures/clean-skill/weather.jstest-fixtures/evasive-01-string-concat/index.jstest-fixtures/evasive-02-encoded/index.jstest-fixtures/evasive-04-timebomb/scheduler.jstest-fixtures/evasive-05-alias-chain/tools.jstest-fixtures/evasive-07-sandbox-detect/check.jstest-fixtures/evasive-08-reverse-shell/debug.shtest-fixtures/evasive-09-python-pickle/cache.pytest-fixtures/evasive-11-polyglot-json/config-template.jsonWhen asked to check, audit, or scan a skill for security, use SkillGuard.
node /home/claw/.openclaw/workspace/skillguard/src/cli.js scan <path>
node /home/claw/.openclaw/workspace/skillguard/src/cli.js scan <path> --compact
node /home/claw/.openclaw/workspace/skillguard/src/cli.js check "<text>"
node /home/claw/.openclaw/workspace/skillguard/src/cli.js batch <directory>
node /home/claw/.openclaw/workspace/skillguard/src/cli.js scan-hub <slug>
--compact: chat-friendly summary--json: machine-readable full report--quiet: score and verdict onlynpx claudepluginhub sundial-org/awesome-openclaw-skillsScans agent skills for security risks including prompt injection, malicious scripts, excessive permissions, secret exposure, and supply chain issues. Runs static analysis via a bundled Python script.
Scans third-party skills for malicious patterns before installation. Detects prompt injection, RCE, credential theft, and social engineering across 6 audit phases.
Vets AI agent skills for security risks before installation. Checks red flags, permission scope, and suspicious patterns in skill code.