Plugin Approval Guard
"VirusTotal for OpenClaw skills" — static analysis trust scanner.
Commands
Run via: python3 scripts/plugin-approval-guard.py
Commands
scan— Scan a skill directory for security issuesbatch— Scan all installed skillsreport— Generate trust report (text/json/markdown)allow— Add a skill to the local trust allowlistdeny— Block a skill from executionlist— Show trust status of all installed skills
Options
--skill PATH— Path to skill directory to scan--workspace PATH— Workspace path (default: auto-detect)--format text|json|markdown— Output format (default: text)--severity low|medium|high|critical— Minimum severity to report--output PATH— Save report to file--verbose— Show code snippets with findings
Trust Score Categories
- Code Safety (40%) — No eval/exec, no shell injection, no obfuscation
- Network Access (25%) — Declared vs hidden network calls, data destinations
- File Access (20%) — Scope of filesystem access, no writes outside workspace
- Permission Scope (15%) — Minimal permission principle, no escalation patterns
Detection Patterns
See references/threat-patterns.md for the full list of malicious patterns detected.
Integration
Leverages OpenClaw 3.28 plugin approval hooks. When a scanned skill has trust score below C, actions from that skill trigger approval prompts.