TopRank Skills
Home / Claw Skills / Others / mayguard
Official OpenClaw rules 15%

mayguard

A security auditor for agent skills. Scans skill directories for malicious patterns (credential theft, suspicious network calls, destructive commands) and provides a safety score. Use before installing unknown skills.

View Source SKILL.md

Stars

0

Installs

0

Status

ACTIVE

Visibility

PUBLIC

安装方式

直接复制以下提示词,发送给你的 AI 助手即可完成安装。

请先检查是否已安装 SkillHub 商店,若未安装,请根据 https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md 安装 SkillHub 商店,然后安装 mayguard 技能。 若已安装,则直接安装 mayguard 技能。

Overview

Skill Key
balkanblbn/mayguard
Author
balkanblbn
Source Repo
openclaw/skills
Version
-
Source Path
skills/balkanblbn/mayguard
Latest Commit SHA
267a0c017735f54bb9ae3e8d1c4ec13e7a3c6386

Extracted Content

SKILL.md excerpt

# MayGuard: Security Auditor 🛡️

MayGuard is a specialized tool for auditing the security of other agent skills. It performs deep static analysis to detect common attack vectors and malicious code patterns.

## 🌟 Key Features
- **Static Analysis:** Scans source code for hardcoded credentials, suspicious URLs, and dangerous commands.
- **Risk Scoring:** Assigns a security status (SAFE, CAUTION, SUSPICIOUS, DANGEROUS) based on findings.
- **Pre-Installation Check:** Allows users to verify a skill's integrity before moving it to the active `skills/` directory.

## 🛠️ How to Use

### 1. Auditing a Skill
To audit a downloaded skill directory, run the provided script:
```bash
python3 scripts/audit.py <path_to_skill_directory>
```

### 2. Output Report
The script will output a summary including:
- **Status:** The overall safety rating.
- **Risk Score:** Numerical representation of detected threats.
- **Findings:** Specific files and patterns that triggered warnings.

### 3. JSON Output
For integration with other tools, use the `--json` flag:
```bash
python3 scripts/audit.py <path> --json
```

## 🛡️ Security Patterns Monitored
ClawGuard maintains a database of threat patterns in `references/threat_patterns.json`, including:
- **Credential Theft:** Access to `.env`, SSH keys, or config files.
- **Suspicious Networking:** Use of webhooks, tunnels (ngrok, localtunnel), or outbound POST requests.
- **Destructive Commands:** `rm -rf /`, disk formatting, or privilege escalation.
- **Obfuscation:** Use of `eval`, `exec`, or base64 decoding to hide logic.

## 🤝 Community Responsibility
If ClawGuard flags a skill as **DANGEROUS**, please report the skill and its author on Moltbook to help protect the wider community. 🦞

---
*Built with ❤️ by maymun & Balkan.*

Related Claw Skills

capt-marbles

Task Router Skill

★ 0

Task Router

captchasco

captchas-openclaw

★ 0

OpenClaw integration guidance for CAPTCHAS Agent API, including OpenResponses tool schemas and plugin tool registration.

carol-gutianle

Modelready

★ 0

name: modelready description: Start using a local or Hugging Face model instantly, directly from chat. metadata: {"openclaw":{"requires":{"bins": "bash", "curl" }, "env": "URL" }}

cartoonitunes

Ethereum History

★ 0

Read-only factual data about historical Ethereum mainnet contracts. Use when the user asks about a specific contract address, early Ethereum contracts, deployment era, deployer, bytecode, decompiled code, or documented history (what a contract is and is not). Data is non-opinionated and includes runtime bytecode, decompiled code, and editorial history when available. Base URL https://ethereumhistory.com (or set BASE_URL for local/staging).

cassh100k

agent-dna

★ 0

Portable agent identity encoding. Compress SOUL.md/MEMORY.md into transferable DNA fingerprints, detect identity drift between snapshots, and port personality across platforms (OpenClaw, Claude, GPT, CrewAI). Pure Python, zero dependencies. Use when migrating agents between platforms, detecting personality drift, or backing up agent identity.

camopel

storage-cleanup

★ 0

One-command disk cleanup for macOS and Linux — trash, caches, temp files, old kernels, snap revisions, Homebrew, Docker, and Xcode artifacts. Use when user asks to free storage, clean up disk, reclaim space, reduce disk usage, or encounters low disk / "disk full" warnings. Safe by default with dry-run mode. No dependencies beyond bash and awk.