diff --git a/skills/agentguard/SKILL.md b/skills/agentguard/SKILL.md index dec1189..4867e59 100644 --- a/skills/agentguard/SKILL.md +++ b/skills/agentguard/SKILL.md 
@@ -614,7 +614,14 @@ Run a comprehensive agent health checkup across 6 security dimensions. Generates Run these checks in parallel where possible. These are **universal agent security checks** — they apply to any Claude Code or OpenClaw environment, regardless of whether AgentGuard is installed. -1. **[REQUIRED] Discover & scan installed skills** (→ feeds Dimension 1: Code Safety): Glob `~/.claude/skills/*/SKILL.md` and `~/.openclaw/skills/*/SKILL.md`. For each discovered skill, **run `/agentguard scan `** using the scan subcommand logic (24 detection rules). Collect the scan results (risk level, findings count, risk tags) for each skill. +1. **[REQUIRED] Discover & scan installed skills** (→ feeds Dimension 1: Code Safety): Glob ALL of the following paths for `*/SKILL.md`: + - `~/.claude/skills/*/SKILL.md` + - `~/.openclaw/skills/*/SKILL.md` + - `~/.openclaw/workspace/skills/*/SKILL.md` + - `~/.qclaw/skills/*/SKILL.md` + - `~/.qclaw/workspace/skills/*/SKILL.md` + + For **every** discovered skill, **run `/agentguard scan `** using the scan subcommand logic (24 detection rules). Do NOT skip any skill regardless of how many are found. Collect the scan results (risk level, findings count, risk tags) for each skill. 2. **[REQUIRED] Credential file permissions** (→ feeds Dimension 2: Credential Safety): Platform-aware check — behavior differs by OS: - **macOS/Linux**: Run `stat -f '%Lp' 2>/dev/null || stat -c '%a' 2>/dev/null` on `~/.ssh/`, `~/.gnupg/`, and if OpenClaw: on `$OC/openclaw.json`, `$OC/devices/paired.json`. **If the command returns empty output, the directory does not exist — treat as N/A (award full points), do NOT flag as a failure.** - **Windows**: `stat` is not available. Use `icacls ` to check ACLs instead. If the directory does not exist, treat as N/A (award full points). If it exists, check that the ACL grants access only to the current user (no `Everyone`, `Users`, or `Authenticated Users` with write/read access). 
Flag as FAIL only if the directory exists AND the ACL is overly permissive.
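Review bot: In the added path list under step 1, the two `~/.qclaw/...` globs extend discovery to a further install location, but the unchanged intro line still says these checks apply to "any Claude Code or OpenClaw environment", and step 2 only names OpenClaw for the `$OC/openclaw.json` and `$OC/devices/paired.json` permission check. As written it is unclear whether a `~/.qclaw` install gets the same credential check as the skills it now contributes to the scan; either update the intro and step 2 to match, or say why the new paths are scan-only. Step 1 also lacks the missing-directory rule that step 2 spells out ("treat as N/A"): state that a glob with no matches is skipped rather than reported as a failure. With both `skills/` and `workspace/skills/` now listed per root, the same skill can be discovered twice (for example through a symlink), so "For **every** discovered skill" should say that results are keyed on the resolved path to avoid inflating the findings count. Minor: "Glob ALL of the following paths for `*/SKILL.md`" repeats the suffix that every list entry already carries.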