TopRank Skills

Official OpenClaw rules 36%

skill-guard

Scan ClawHub skills for prompt injection and malicious content using Lakera Guard before installing them. Run automatically when the user asks to install a skill, or on-demand to audit any skill by slug or search query.

Stars: 0
Installs: 0
Status: ACTIVE
Visibility: PUBLIC

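Installation

Copy the prompt below and send it to your AI assistant to complete the installation.

Please first check whether the SkillHub store is installed. If it is not, install the SkillHub store by following https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md, then install the skill-guard skill. If it is already installed, install the skill-guard skill directly.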

Overview

Skill Key: 0xmerkle/skill-guard-actor
Author: 0xmerkle
Source Repo: openclaw/skills
Version: -
Source Path: skills/0xmerkle/skill-guard-actor
Latest Commit SHA: aeaa5fcf40819340016bceaf32259e4b029b1902

Extracted Content

SKILL.md excerpt

# SkillGuard
Scan ClawHub skills for prompt injection, jailbreak attempts, and malicious instructions
before they get installed into your OpenClaw workspace.

## When to use this skill
- User says "install [skill]", "clawhub install [skill]", or "add the [skill] skill"
- User says "scan [skill]", "check [skill] for safety", "is [skill] safe?"
- User says "audit my skills" or "scan all installed skills"
- Any time you are about to install a third-party skill from ClawHub

## How it works
SkillGuard calls a hosted Apify actor (`numerous_hierarchy/skill-guard-actor`,
actor ID: `TMjFBNFqIIUfCBf6K`) that:
1. Fetches the raw SKILL.md content from ClawHub's public API
2. Passes it to Lakera Guard for prompt injection analysis
3. Returns a verdict: `safe`, `flagged`, or `error` with reasoning

Results are delivered back to your OpenClaw agent via an ad-hoc webhook.

## Running the actor

Use an ad-hoc webhook to trigger the run asynchronously and receive results
back via your OpenClaw hooks endpoint.

### Step 1: Build the webhook definition

Create this JSON array, then base64-encode it:

```json
[{
  "eventTypes": ["ACTOR.RUN.SUCCEEDED", "ACTOR.RUN.FAILED"],
  "requestUrl": "$OPENCLAW_WEBHOOK_URL",
  "headersTemplate": "{\"Authorization\": \"Bearer $OPENCLAW_HOOKS_TOKEN\"}",
  "payloadTemplate": "{\"resource\": {{resource}}}"
}]
```
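
Step 1 done by hand, as an added example that is not the skill's own `scripts/scan.sh`: it fills the template from the environment, refuses URL or token values that would need JSON escaping (so neither can add headers or keys to the definition), and base64-encodes the result on one line. The function names and the sample URL and token are assumptions made for illustration.

```bash
# Added example: not the skill's scripts/scan.sh. Builds the Step 1 webhook
# definition from the environment and base64-encodes it. POSIX sh compatible.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Refuse values that would need JSON escaping, so neither variable can add
# keys, headers or a second webhook to the definition.
# Assumption: URL and token use only the characters allowed here.
check_webhook_inputs() {
  case "$OPENCLAW_WEBHOOK_URL" in
    https://?*) ;;
    *) echo "OPENCLAW_WEBHOOK_URL must be an https:// URL" >&2; return 1 ;;
  esac
  case "$OPENCLAW_WEBHOOK_URL" in
    *[!A-Za-z0-9._~:/?=%-]*)
      echo "OPENCLAW_WEBHOOK_URL contains unsupported characters" >&2; return 1 ;;
  esac
  case "$OPENCLAW_HOOKS_TOKEN" in
    ''|*[!A-Za-z0-9._~+/=-]*)
      echo "OPENCLAW_HOOKS_TOKEN is empty or contains unsupported characters" >&2
      return 1 ;;
  esac
}

# Print the webhook JSON array with the same four keys as the Step 1 template.
webhook_json() {
  check_webhook_inputs || return 1
  printf '[{"eventTypes":["ACTOR.RUN.SUCCEEDED","ACTOR.RUN.FAILED"],'
  printf '"requestUrl":"%s",' "$OPENCLAW_WEBHOOK_URL"
  printf '"headersTemplate":"{\\"Authorization\\": \\"Bearer %s\\"}",' "$OPENCLAW_HOOKS_TOKEN"
  printf '"payloadTemplate":"{\\"resource\\": {{resource}}}"}]'
}

# Base64-encode on a single line (some base64 builds wrap at 76 columns).
webhooks_param() {
  json=$(webhook_json) || return 1
  printf '%s' "$json" | base64 | tr -d '\n'
}

# Constructed sample values, used only when the variables are not already set.
if [ -z "${OPENCLAW_WEBHOOK_URL+x}" ]; then
  OPENCLAW_WEBHOOK_URL='https://agent.example.invalid/hooks/skill-guard'
  OPENCLAW_HOOKS_TOKEN='sample-token-123'
  webhooks_param; echo
fi
```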

### Step 2: Start the run

Use the bundled script — it handles base64 encoding the webhook and making
the API call:

```bash
# Scan by slug
bash {baseDir}/scripts/scan.sh --slug instagram-search

# Scan by search query
bash {baseDir}/scripts/scan.sh --query instagram

# Both (results deduplicated)
bash {baseDir}/scripts/scan.sh --slug instagram-search --query instagram --max 5
```

The script reads `APIFY_TOKEN`, `LAKERA_API_KEY`, `OPENCLAW_WEBHOOK_URL`, and
`OPENCLAW_HOOKS_TOKEN` from the environment automatically.

Or make the API call manually:

```
POST https://api.apify.com/v2/acts/TMjFBNFqIIUfCBf6K/runs
  ?token=$APIFY_TOKEN
  &webhooks...
```
