Skill Guard 1.0.2

by kenswjv1.0.0

❌ Risky

Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads...

clawhub install skill-guard-1-0-2
📥
0
All-time Downloads
📦
0
Active Installs
0
Stars

Security Analysis

🤖 Powered by DeepSeek AI

25/100
Safety Score

This skill presents significant security risks despite claiming to be a security scanner. Platform moderation has flagged it for suspicious LLM behavior and prompt injection instructions, suggesting it may be a trojan horse. The combination of excessive permissions, unknown author, and platform warnings makes this too dangerous to install.

⚠️Data Privacy RiskSkill claims to scan other skills, potentially accessing sensitive code/data without clear privacy boundaries
Permission ScopeClaims ability to quarantine threats and modify skill installations - excessive permissions for a scanning tool
Supply Chain RiskAuthor unknown, skill flagged as suspicious by platform moderation with prompt injection indicators
⚠️Code TransparencyChangelog truncated, incomplete documentation of actual scanning methodology
Malware IndicatorsPlatform moderation detected suspicious.llm_suspicious and prompt_injection_instructions
Social Engineering RiskPresents as security tool but contains suspicious elements - classic trojan horse pattern
⚠️Dependency SafetyReferences external scanning tool (mcp-scan) without verification of its safety
⚠️Update FrequencyInitial release only, no update history available
⚠️Community ValidationZero stars, zero comments, minimal downloads - no community trust established
License ComplianceMIT-0 license is permissive and appropriate

Last scanned: 3/29/2026

Community Mentions

From Reddit & GitHub discussions

🔍

No community mentions found yet.

Be the first to discuss this skill on Reddit or GitHub!

User Reviews

Loading reviews...

Sign in to write a review

Sign In

Changelog v1.0.0

Initial release: client-side security scanning for ClawHub skills before installation. - Scans skill packages for prompt injections, malware, hardcoded secrets, exfiltration URLs, and other AI-specific threats before installing. - Uses Invariant Labs/Snyk's mcp-scan for deep AI skill analysis. - Installs only if skill is clean; otherwise quarantines detected threats in a staging folder. - Provides clear CLI usage: secure install script, exit codes, and threat handling instructions. - Adds a str...

Related Skills

Self Evolving Skill

Meta-cognitive self-learning system - Automated skill evolution based on predict...

Skill Builder / Creator

Create high-quality skills with modular structure, progressive disclosure, and t...

Skill Test

Test skills before using or publishing. Trial, compare, evaluate in isolation wi...

Safety Score

25
out of 100
❌ Risky

🤖 AI-powered scan

Info

Version
1.0.0
Versions
1
Author
kenswj
Updated
Mar 28, 2026
License
MIT-0
Install on ClawHub →⚖️ Compare Skills← Browse All Skills