guava-guard
CommunityScan AgentSkills for malware and security threats
System Documentation
What problem does it solve?
This Skill addresses the critical security gap in the ClawHub ecosystem, where 36.8% of skills contain security flaws and malicious payloads can steal credentials or execute arbitrary code. It eliminates the risk of installing compromised skills by scanning for prompt injection, malicious code, suspicious downloads, and known threat indicators before they reach your workspace.
Core Features & Use Cases
- Threat Detection: Scans for 8 categories of threats aligned with the Snyk ToxicSkills taxonomy, including prompt injection, malicious code execution, credential theft, and obfuscation techniques.
- Context-Aware Analysis: Reduces false positives by approximately 80% by matching code patterns only in executable files such as js, py, and sh, while ignoring documentation.
- Use Case: A developer installing third-party skills from ClawHub can run this scanner to verify each skill is safe, catching threats like the ClawHavoc campaign's fake prerequisites and Atomic Stealer malware before execution.
Quick Start
Use the guava-guard skill to scan the directory ~/.openclaw/workspace/skills/ for security threats and report any malicious patterns found.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: guava-guard Download link: https://github.com/sky770825/NEUXA-/archive/main.zip#guava-guard Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.