skillguard
Scans OpenClaw skills for security threats, detecting malware and vulnerabilities before installation to ensure safe usage.
Install this skill
or
0/100
Security score
The skillguard skill was audited on Feb 16, 2026 and we found 7 security issues across 3 threat categories, including 3 critical. Review the findings below before installing.
Categories Tested
Security Issues
critical line 37
Direct command execution function call
SourceSKILL.md
| 37 | - **Code obfuscation** — `base64 -d | bash`, `eval()`, `exec()` with encoded payloads |
critical line 37
Eval function call - arbitrary code execution
SourceSKILL.md
| 37 | - **Code obfuscation** — `base64 -d | bash`, `eval()`, `exec()` with encoded payloads |
critical line 37
Piping content to bash shell
SourceSKILL.md
| 37 | - **Code obfuscation** — `base64 -d | bash`, `eval()`, `exec()` with encoded payloads |
medium line 52
Node child_process module reference
SourceSKILL.md
| 52 | - **Shell execution** — `subprocess`, `os.system`, `child_process` (common but worth noting) |
medium line 40
Webhook reference - potential data exfiltration
SourceSKILL.md
| 40 | - **Suspicious URLs** — `webhook.site`, `glot.io`, `ngrok.io`, `pastebin.com` |
high line 40
Ngrok tunnel reference
SourceSKILL.md
| 40 | - **Suspicious URLs** — `webhook.site`, `glot.io`, `ngrok.io`, `pastebin.com` |
medium line 45
Access to .env file
SourceSKILL.md
| 45 | - **Credential access** — Patterns accessing `.env`, API keys, tokens, SSH keys |
Scanned on Feb 16, 2026
View Security Dashboard