{ "schemaVersion": "1.0", "item": { "slug": "skill-scanner-guard", "name": "Openclaw Skill Scanner", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/jason-allen-oneal/skill-scanner-guard", "canonicalUrl": "https://clawhub.ai/jason-allen-oneal/skill-scanner-guard", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/skill-scanner-guard", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-scanner-guard", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "scripts/auto_scan_user_skills.sh", "scripts/clawhub_scan_install.sh", "scripts/scan_and_add_skill.sh", "scripts/scan_openclaw_skills.sh" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/skill-scanner-guard" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/skill-scanner-guard", "agentPageUrl": "https://openagent3.xyz/skills/skill-scanner-guard/agent", "manifestUrl": "https://openagent3.xyz/skills/skill-scanner-guard/agent.json", "briefUrl": "https://openagent3.xyz/skills/skill-scanner-guard/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Skill Scanner Guard", "body": "Harden OpenClaw’s skill supply chain:\n\nScan skills with cisco-ai-defense/skill-scanner\nBlock only on High/Critical\nAllow Medium/Low/Info but warn\nAuto-scan on changes to ~/.openclaw/skills\nQuarantine failing skills to ~/.openclaw/skills-quarantine" }, { "title": "Install skill-scanner (repo + uv env)", "body": "cd \"$HOME/.openclaw/workspace\"\n# or wherever you keep repos\n\ngit clone https://github.com/cisco-ai-defense/skill-scanner\ncd skill-scanner\nCC=gcc uv sync --all-extras\n\nNote: some environments try gcc-12 while building yara-python; forcing CC=gcc avoids that." }, { "title": "1) Scan all user skills (manual)", "body": "User skills live at:\n\n~/.openclaw/skills\n\nRun:\n\n$HOME/.openclaw/skills/skill-scanner-guard/scripts/scan_openclaw_skills.sh\n\nOutputs go to:\n\n/home/rev/.openclaw/workspace/skill_scans/" }, { "title": "2) Install a folder skill with scan gate (copy/clone workflow)", "body": "Use the wrapper instead of copying directly:\n\n$HOME/.openclaw/skills/skill-scanner-guard/scripts/scan_and_add_skill.sh /path/to/skill-dir\n\nPolicy:\n\nBlock only if High/Critical exist (unless --force)\nStill installs if only Medium/Low/Info exist, but prints a warning summary" }, { "title": "3) Install from ClawHub with scan gate (staging install)", "body": "Install to a staging dir, scan, then copy into ~/.openclaw/skills only if allowed:\n\n$HOME/.openclaw/skills/skill-scanner-guard/scripts/clawhub_scan_install.sh \n# optionally\n$HOME/.openclaw/skills/skill-scanner-guard/scripts/clawhub_scan_install.sh --version " }, { "title": "4) Auto-scan + quarantine on change (systemd user units)", "body": "Install the units (templates are in references/):\n\nmkdir -p ~/.config/systemd/user\ncp -a \"$HOME/.openclaw/skills/skill-scanner-guard/references/openclaw-skill-scan.\"* ~/.config/systemd/user/\n\nsystemctl --user daemon-reload\nsystemctl --user enable --now openclaw-skill-scan.path\n\nBehavior:\n\nAny change under ~/.openclaw/skills/ triggers scripts/auto_scan_user_skills.sh\nIf High/Critical findings exist, the script moves failing skill directories to:\n~/.openclaw/skills-quarantine/-\nReports are written to:\n/home/rev/.openclaw/workspace/skill_scans/auto/\n\nInspect:\n\nsystemctl --user status openclaw-skill-scan.path\njournalctl --user -u openclaw-skill-scan.service -n 100 --no-pager\nls -la ~/.openclaw/skills-quarantine" }, { "title": "scripts/", "body": "scan_openclaw_skills.sh: generate markdown reports for user + bundled skills\nscan_and_add_skill.sh: scan candidate folder skill; install only if allowed\nclawhub_scan_install.sh: stage-install from ClawHub, scan, then install\nauto_scan_user_skills.sh: scan-all on ~/.openclaw/skills changes; quarantine High/Critical failures" }, { "title": "references/", "body": "openclaw-skill-scan.path / openclaw-skill-scan.service: systemd --user path trigger units" } ], "body": "Skill Scanner Guard\n\nHarden OpenClaw’s skill supply chain:\n\nScan skills with cisco-ai-defense/skill-scanner\nBlock only on High/Critical\nAllow Medium/Low/Info but warn\nAuto-scan on changes to ~/.openclaw/skills\nQuarantine failing skills to ~/.openclaw/skills-quarantine\nQuick start\nInstall skill-scanner (repo + uv env)\ncd \"$HOME/.openclaw/workspace\"\n# or wherever you keep repos\n\ngit clone https://github.com/cisco-ai-defense/skill-scanner\ncd skill-scanner\nCC=gcc uv sync --all-extras\n\n\nNote: some environments try gcc-12 while building yara-python; forcing CC=gcc avoids that.\n\nWorkflows\n1) Scan all user skills (manual)\n\nUser skills live at:\n\n~/.openclaw/skills\n\nRun:\n\n$HOME/.openclaw/skills/skill-scanner-guard/scripts/scan_openclaw_skills.sh\n\n\nOutputs go to:\n\n/home/rev/.openclaw/workspace/skill_scans/\n2) Install a folder skill with scan gate (copy/clone workflow)\n\nUse the wrapper instead of copying directly:\n\n$HOME/.openclaw/skills/skill-scanner-guard/scripts/scan_and_add_skill.sh /path/to/skill-dir\n\n\nPolicy:\n\nBlock only if High/Critical exist (unless --force)\nStill installs if only Medium/Low/Info exist, but prints a warning summary\n3) Install from ClawHub with scan gate (staging install)\n\nInstall to a staging dir, scan, then copy into ~/.openclaw/skills only if allowed:\n\n$HOME/.openclaw/skills/skill-scanner-guard/scripts/clawhub_scan_install.sh \n# optionally\n$HOME/.openclaw/skills/skill-scanner-guard/scripts/clawhub_scan_install.sh --version \n\n4) Auto-scan + quarantine on change (systemd user units)\n\nInstall the units (templates are in references/):\n\nmkdir -p ~/.config/systemd/user\ncp -a \"$HOME/.openclaw/skills/skill-scanner-guard/references/openclaw-skill-scan.\"* ~/.config/systemd/user/\n\nsystemctl --user daemon-reload\nsystemctl --user enable --now openclaw-skill-scan.path\n\n\nBehavior:\n\nAny change under ~/.openclaw/skills/ triggers scripts/auto_scan_user_skills.sh\nIf High/Critical findings exist, the script moves failing skill directories to: ~/.openclaw/skills-quarantine/-\nReports are written to: /home/rev/.openclaw/workspace/skill_scans/auto/\n\nInspect:\n\nsystemctl --user status openclaw-skill-scan.path\njournalctl --user -u openclaw-skill-scan.service -n 100 --no-pager\nls -la ~/.openclaw/skills-quarantine\n\nBundled resources\nscripts/\nscan_openclaw_skills.sh: generate markdown reports for user + bundled skills\nscan_and_add_skill.sh: scan candidate folder skill; install only if allowed\nclawhub_scan_install.sh: stage-install from ClawHub, scan, then install\nauto_scan_user_skills.sh: scan-all on ~/.openclaw/skills changes; quarantine High/Critical failures\nreferences/\nopenclaw-skill-scan.path / openclaw-skill-scan.service: systemd --user path trigger units" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/jason-allen-oneal/skill-scanner-guard", "publisherUrl": "https://clawhub.ai/jason-allen-oneal/skill-scanner-guard", "owner": "jason-allen-oneal", "version": "1.0.2", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/skill-scanner-guard", "downloadUrl": "https://openagent3.xyz/downloads/skill-scanner-guard", "agentUrl": "https://openagent3.xyz/skills/skill-scanner-guard/agent", "manifestUrl": "https://openagent3.xyz/skills/skill-scanner-guard/agent.json", "briefUrl": "https://openagent3.xyz/skills/skill-scanner-guard/agent.md" } }