# skillguard > Security scanner for AgentSkill packages. Scan skills for credential theft, code injection, prompt manipulation, data exfiltration, and evasion techniques before installing them. Use when evaluating skills from ClawHub or any untrusted source. - Author: GRATITUD3 - Repository: gratitude5dee/mog - Version: 20260203120517 - Stars: 0 - Forks: 0 - Last Updated: 2026-02-06 - Source: https://github.com/gratitude5dee/mog - Web: https://mule.run/skillshub/@@gratitude5dee/mog~skillguard:20260203120517 --- --- name: skillguard description: Security scanner for AgentSkill packages. Scan skills for credential theft, code injection, prompt manipulation, data exfiltration, and evasion techniques before installing them. Use when evaluating skills from ClawHub or any untrusted source. metadata: {"openclaw": {"requires": {"bins": ["node"]}}} --- # SkillGuard — Agent Security Scanner When asked to check, audit, or scan a skill for security, use SkillGuard. ## Commands ### Scan a local skill directory ```bash node /home/claw/.openclaw/workspace/skillguard/src/cli.js scan ``` ### Scan with compact output (for chat) ```bash node /home/claw/.openclaw/workspace/skillguard/src/cli.js scan --compact ``` ### Check text for prompt injection ```bash node /home/claw/.openclaw/workspace/skillguard/src/cli.js check "" ``` ### Batch scan multiple skills ```bash node /home/claw/.openclaw/workspace/skillguard/src/cli.js batch ``` ### Scan a ClawHub skill by slug ```bash node /home/claw/.openclaw/workspace/skillguard/src/cli.js scan-hub ``` ## Score Interpretation - 80-100 ✅ LOW risk — safe to install - 50-79 ⚠️ MEDIUM — review findings before installing - 20-49 🟠 HIGH — significant security concerns - 0-19 🔴 CRITICAL — do NOT install without manual review ## Output Formats - Default: full text report - `--compact`: chat-friendly summary - `--json`: machine-readable full report - `--quiet`: score and verdict only