Watches what skills actually do at runtime and flags anything that doesn't match their declared permissions. Catches things like undeclared network calls, credential file access, and shell commands that shouldn't be happening. If a code reviewer suddenly starts reading your .env file or a docs generator fires off a curl command, you'll know immediately. The alert format is clear and actionable, with severity levels that range from "log it" to "kill it now and rotate your keys." Built by the UseClawPro team with a 96 trust score. Think of it as a behavioral firewall for the skills layer, useful if you're running third party skills or want defense in depth for your own workspace.
npx skills add https://github.com/useai-pro/openclaw-skills-security --skill skill-guard