guard-scanner

Overview

The guard-scanner skill is a comprehensive security solution for AI agent skills, providing both static and runtime scanning capabilities. It detects 22 threat categories, including prompt injection, credential theft, exfiltration, and more, and blocks dangerous tool calls in real-time via the Runtime Guard hook.

Key Features

• Static scanning: 135 static patterns across 22 categories, with zero dependencies and a scan time of 0.016ms.
• Runtime Guard: 26 runtime patterns (5 layers) that block dangerous tool calls in real-time.
• Zero network requests: guard-scanner makes no network requests, ensuring complete security and privacy.
• Local reports only: Output files (JSON/SARIF/HTML) are written to the scan directory.

How It Works

The guard-scanner skill can be used in various scenarios, including before installing a new skill, after updating skills, periodically to audit installed skills, and in CI/CD to gate skill deployments. The skill provides a quick start guide for static scanning and runtime guard setup.

Use Cases

• Pre-install gate: Use guard-scanner to scan skills before installing them from ClawHub or external sources.
• Post-update audit: Run guard-scanner after updating skills to check for newly introduced threats.
• Periodic auditing: Use guard-scanner periodically to audit your installed skills.
• CI/CD gate: Integrate guard-scanner into your CI/CD pipeline to gate skill deployments.