guava-guard

Community

Scan AgentSkills for malware and security threats

Authorsky770825
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill addresses the critical security gap in the ClawHub ecosystem, where 36.8% of skills contain security flaws and malicious payloads can steal credentials or execute arbitrary code. It eliminates the risk of installing compromised skills by scanning for prompt injection, malicious code, suspicious downloads, and known threat indicators before they reach your workspace.

Core Features & Use Cases

  • Threat Detection: Scans for 8 categories of threats aligned with the Snyk ToxicSkills taxonomy, including prompt injection, malicious code execution, credential theft, and obfuscation techniques.
  • Context-Aware Analysis: Reduces false positives by approximately 80% by matching code patterns only in executable files such as js, py, and sh, while ignoring documentation.
  • Use Case: A developer installing third-party skills from ClawHub can run this scanner to verify each skill is safe, catching threats like the ClawHavoc campaign's fake prerequisites and Atomic Stealer malware before execution.

Quick Start

Use the guava-guard skill to scan the directory ~/.openclaw/workspace/skills/ for security threats and report any malicious patterns found.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: guava-guard
Download link: https://github.com/sky770825/NEUXA-/archive/main.zip#guava-guard

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.