Quick overview
SkillGuard scans OpenClaw skills for security threats including reverse shells, credential theft, memory poisoning, and typosquatting. It works on installed skills, individual skill files, or ClawHub skills fetched before installation. There is no official skill vetting process for OpenClaw, and documented campaigns have distributed malware through the ecosystem.
It catches specific attack patterns documented in real ClawHub malware campaigns, including the ClawHavoc vector of embedding download instructions in skill prerequisites, which generic scanners miss.
Common tasks
- Scan all installed skills before a system audit
- Check a ClawHub skill for malware before installing it
- Verify a skill name isn't typosquatting a known skill
- Review flagged patterns in a skill someone else wrote
- Automated security check in a skill review workflow
Install paths
Primary command
openclaw install msgnoki/skillguard-scanner
ClawHub installer
npx clawhub@latest install msgnoki/skillguard-scanner
OpenClaw CLI
openclaw skills install msgnoki/skillguard-scanner
Direct OpenClaw install
openclaw install msgnoki/skillguard-scanner
Skill metadata
- Category: Coding Agents & IDEs
- Language: Markdown
- Version: 1.1.0
- Security status: Benign
Review upstream source
The full public SKILL.md body is not directly fetchable for this entry right now, so this page is using the best available catalog metadata. Review the upstream source page for the latest files, version history, and security scan details: https://clawhub.ai/msgnoki/skillguard-scanner






