This skill helps agents perform secure skill-hash verification and guard/report API calls with raw HTTP.
- Compute
skill_scan_artifacts.manifestHashlocally with a deterministic manifest-hash algorithm. - Query
POST /v1/guard/skill-hashto check server-side status for a known manifest hash. - Run pre-action policy checks with
POST /v1/guard/evaluate(allow,warn,block). - Record post-action audit logs with
POST /v1/guard/events. - Report hash or zip samples with:
POST /v1/skill-report/upload-hashPOST /v1/skill-report/upload-file
- Use raw HTTP only, with examples for both
curl(macOS/Linux) and PowerShell (Windows).
- This skill is for verification and evidence collection, not automatic trust.
- If a hash is unknown or response signals ambiguity, require manual confirmation.
upload-hash,upload-file, andguard/eventsare reporting/logging routes, not verdict routes.
For OpenClaw、NanoBot、PoCaw、LobsterAI
Just send this message to your agent:
Please install the Claw_Guard skill. The repository URL is https://github.com/BitsLabSec/Claw_Guard.
For ZeroClaw
Run the command in your terminal:
zeroclaw skills install https://github.com/BitsLabSec/Claw_Guard
This skill is compatible with agents that can:
- Load
SKILL.md-based skills. - Run shell commands (
curlon macOS/Linux or PowerShell on Windows). - Send raw HTTP requests to external APIs.
Typical compatible environments include:
- OpenClaw
- NanoBot
- CoPaw
- LobsterAI
- NanoClaw
- NullClaw