skill-vetter

Summary

Security gate that scans skills for malicious code, vulnerabilities, and suspicious patterns before installation.

  • Runs four integrated scanners: aguara (prompt injection detection), skill-analyzer (malicious patterns and CVE database), secrets-scan (hardcoded credentials), and structure-check (malformed files and dangerous configurations)
  • Accepts ClawHub skill names, GitHub URLs, or local paths as input and returns a three-tier verdict: BLOCKED (critical/high findings), REVIEW (medium findings), or SAFE (all passed)
  • Always requires user confirmation after showing scan results; never installs automatically
  • Triggers automatically when users mention installing, adding, or reviewing any skill for Claude Code, OpenClaw, or other AI agents

SKILL.md

Skill Vetter

Security gate that runs multiple scanners against a skill before installation.

When to Use

Use before installing ANY skill to Claude Code, OpenClaw, or your other favorite AI agent — whether from ClawHub, GitHub, or any external source.

Ask the user: "Should I run skill-vetter on this before installing?" whenever they mention installing a new skill.

How to Run

Check dependencies first

bash {baseDir}/scripts/check-deps.sh

Fix any missing dependencies before proceeding.

Installs: 786
GitHub Stars: 28
First Seen: Mar 4, 2026