Install: `claude install-skill jason-allen-oneal/openclaw-skill-scanner`
# Skill Scanner Guard
Harden OpenClaw’s skill supply chain:
- Scan skills with **cisco-ai-defense/skill-scanner**
- Block only on **High/Critical**
- Allow **Medium/Low/Info** but warn
- Auto-scan on changes to `~/.openclaw/skills`
- Quarantine failing skills to `~/.openclaw/skills-quarantine`
## Quick start
### Install skill-scanner (repo + uv env)
```bash
cd "$HOME/.openclaw/workspace"
# or wherever you keep repos
git clone https://github.com/cisco-ai-defense/skill-scanner
cd skill-scanner
CC=gcc uv sync --all-extras
```
Note: some environments try `gcc-12` while building `yara-python`; forcing `CC=gcc` avoids that.
## Workflows
### 1) Scan all user skills (manual)
User skills live at:
- `~/.openclaw/skills`
Run:
```bash
"$HOME/.openclaw/skills/skill-scanner-guard/scripts/scan_openclaw_skills.sh"
```
Outputs go to:
- `/home/rev/.openclaw/workspace/skill_scans/`
### 2) Install a folder skill with scan gate (copy/clone workflow)
Use the wrapper instead of copying directly:
```bash
"$HOME/.openclaw/skills/skill-scanner-guard/scripts/scan_and_add_skill.sh" /path/to/skill-dir
```
Policy:
- Block only if **High/Critical** exist (unless `--force`)
- Still installs if only Medium/Low/Info exist, but prints a warning summary
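The gate policy above, combined with the quarantine directory from the overview, as an added example that is not the project's own script. `gate_decision` and `apply_gate` are hypothetical names, severities are assumed to arrive one per line on stdin (extracting them from a skill-scanner report is not shown), and treating an unrecognized severity as blocking is an added assumption.

```bash
#!/usr/bin/env bash
# Added example: severity gate mirroring the README policy (not the project's scripts).
# Assumption: one severity label per line on stdin, e.g. produced from a scan report.

# gate_decision [--force]: prints "block", "warn" or "allow".
gate_decision() {
  local force=0 sev blocking=0 minor=0
  if [ "${1:-}" = "--force" ]; then force=1; fi
  while IFS= read -r sev || [ -n "$sev" ]; do
    case "$(printf '%s' "$sev" | tr '[:lower:]' '[:upper:]')" in
      CRITICAL|HIGH)   blocking=$((blocking + 1)) ;;
      MEDIUM|LOW|INFO) minor=$((minor + 1)) ;;
      "")              ;;                              # skip blank lines
      *)               blocking=$((blocking + 1)) ;;   # unknown label: fail closed (assumption)
    esac
  done
  if [ "$blocking" -gt 0 ] && [ "$force" -eq 0 ]; then
    echo block
  elif [ "$blocking" -gt 0 ] || [ "$minor" -gt 0 ]; then
    echo warn        # findings exist but are allowed (or were forced through)
  else
    echo allow
  fi
}

# apply_gate SKILL_DIR QUARANTINE_DIR [--force]: severities on stdin.
# Moves a blocked skill into quarantine and returns 1; otherwise leaves it in place.
apply_gate() {
  local skill="$1" quarantine="$2" force="${3:-}" decision name
  name=$(basename "$skill")
  decision=$(gate_decision "$force")
  case "$decision" in
    block)
      mkdir -p "$quarantine"
      rm -rf "${quarantine:?}/$name"     # replace any earlier quarantined copy
      mv "$skill" "$quarantine/$name"
      echo "BLOCKED: $name quarantined (High/Critical findings)" >&2
      return 1 ;;
    warn)
      echo "WARNING: $name allowed with findings, review the report" >&2 ;;
  esac
  return 0
}
```
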
### 3) Install from ClawHub with scan gate (staging install)
Install to a staging dir, scan, then copy into `~/.openclaw/skills` only if allowed:
```bash
"$HOME/.openclaw/skills/skill-scanner-guard/scripts/clawhub_scan_install.sh" <slug>
# optionally
$