GuardSkills — Security Scanner for Skills

Static analysis security gate. Scans skill files for malicious patterns and produces a risk decision before allowing installation.

Rule — ALWAYS scan before installing

Before installing any skill (ClawHub, GitHub, local, or skills.sh), you MUST run a guardskills scan first. Never run clawhub install, skills add, or copy skill files without scanning.

Scan by source

1. ClawHub skills

When the user asks to install a ClawHub skill, scan it first:

guardskills scan-clawhub <owner/skill-slug>

Also accepts full URLs: