Skip to main content
OpenClaw is building an open ecosystem for AI agent skills — a place where developers publish, discover, and install capabilities for agents like Claude Code, Cursor, and Windsurf. Panguard Skill Auditor is the security infrastructure that makes this ecosystem trustworthy.

Why OpenClaw Needs a Security Layer

Mobile app stores learned this lesson years ago: an open platform without security review becomes a malware distribution channel. The same principle applies to AI skill ecosystems.
App StoreOpenClaw Ecosystem
App review processPanguard Skill Auditor
Malware scanningPrompt injection + tool poisoning detection
Permission reviewPermission scope analysis
Code signingManifest validation + integrity checks
User ratingsQuantitative risk score (0-100)
Without automated security scanning, every skill installation is a trust decision made blindly. Panguard makes that decision informed.

Architecture

Developer publishes skill
         |
         v
  ┌──────────────┐
  │  OpenClaw     │
  │  Registry     │
  │  (ClawdHub)   │
  └──────┬───────┘

         v
  ┌──────────────┐     ┌─────────────────┐
  │  claw install │────>│ Panguard Skill  │
  │              │     │ Auditor         │
  └──────────────┘     └────────┬────────┘

                    ┌───────────┼───────────┐
                    v           v           v
              Risk Score   Findings    Verdict
              (0-100)    (per check)  (PASS/FAIL)

                                v
                    ┌───────────────────┐
                    │  Install / Block  │
                    └───────────────────┘

Integration Points

1. Pre-Install Gate

The simplest integration: run Skill Auditor before every claw install. 
# Audit before install
panguard audit skill ./skills/new-skill --json | jq '.riskLevel'

# Automated gate
audit_and_install() {
  local SKILL_PATH="$1"
  local RESULT=$(panguard audit skill "$SKILL_PATH" --json)
  local RISK=$(echo "$RESULT" | jq -r '.riskLevel')
  local SCORE=$(echo "$RESULT" | jq -r '.riskScore')

  echo "Risk: $RISK ($SCORE/100)"

  if [ "$RISK" = "CRITICAL" ]; then
    echo "BLOCKED: Critical security issues found"
    echo "$RESULT" | jq '.findings[]'
    return 1
  fi

  if [ "$RISK" = "HIGH" ]; then
    echo "WARNING: High risk. Review findings before installing."
    echo "$RESULT" | jq '.findings[]'
    read -p "Continue anyway? (y/N) " confirm
    [ "$confirm" = "y" ] || return 1
  fi

  claw install "$SKILL_PATH"
}

2. CI Pipeline for Skill Repositories

Add Skill Auditor to your GitHub Actions workflow to scan skills on every PR. 
# .github/workflows/skill-audit.yml
name: Skill Security Audit
on:
  pull_request:
    paths:
      - 'skills/**'

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install Panguard
        run: curl -fsSL https://panguard.ai/api/install | bash

      - name: Audit all skills
        run: |
          for skill_dir in skills/*/; do
            echo "Auditing $skill_dir..."
            RESULT=$(panguard audit skill "$skill_dir" --json)
            RISK=$(echo "$RESULT" | jq -r '.riskLevel')

            if [ "$RISK" = "CRITICAL" ] || [ "$RISK" = "HIGH" ]; then
              echo "::error::$skill_dir failed audit: $RISK"
              echo "$RESULT" | jq '.findings[]'
              exit 1
            fi
          done

3. Registry-Wide Scanning

Scan an entire skill registry to build a trust database. 
# Scan all skills in a registry
panguard audit skill --registry https://registry.openclaw.ai --json > audit-results.json

# Filter for risky skills
cat audit-results.json | jq '[.[] | select(.riskScore >= 40)]'

4. Fleet Policy Enforcement

Use Panguard Manager to enforce skill audit policies across your organization. 
# panguard-manager policy
skill_policy:
  require_audit: true
  max_risk_score: 39
  block_levels: ["CRITICAL", "HIGH"]
  auto_audit_on_install: true
  audit_cache_ttl: 86400  # re-audit daily

The Trust Chain

Panguard creates a verifiable trust chain for every skill in the OpenClaw ecosystem:
1

Publish

Developer publishes a skill to the OpenClaw registry with a SKILL.md manifest.
2

Scan

Panguard Skill Auditor runs 7 checks and assigns a risk score.
3

Attest

The audit result is recorded as a verifiable attestation linked to the skill version.
4

Enforce

Organizations set policies that block skills above their risk threshold.
5

Monitor

Skills are re-audited when updated. Score changes trigger alerts via Panguard Chat.

Supported Skill Formats

Skill Auditor supports any skill that follows the OpenClaw SKILL.md specification:
FormatSupport
OpenClaw SKILL.mdFull support
Claude Code custom commandsFull support
Cursor rules filesPartial (manifest checks skipped)
Generic markdown skill filesPartial (content checks only)
Panguard Skill Auditor is open source. Contribute new detection patterns at github.com/panguard-ai/panguard-ai.