ClawHub

Security Operator

v2.2.0

Runtime security guardrails for OpenClaw agents. Protects against prompt injection, excessive agency, cost runaway, credential leaks, and cascade effects. In...

0· 761·4 current·4 all-time
byKevin Jeppesen @ TheOperatorVault.io@kevjade
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (runtime guardrails, audits, setup wizard) match the actual instructions: audit commands, advice, a setup wizard that appends guardrails to AGENTS.md, and an optional local firewall script. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
Runtime instructions stay on-purpose: detect/ignore prompt injection, require explicit approval for high-risk actions, perform audits, and optionally append AGENTS.md or schedule a cron job. They reference local checks (proc, whoami, /tmp/openclaw) and OpenClaw CLI usage only. The one persistent action (append AGENTS.md) and the optional cron are explicit and require user confirmation in the workflow.
Install Mechanism
No remote install spec or downloads. The only code file is a local install.sh that defaults to a plan-only (no-change) mode and only applies UFW changes when run with --apply-firewall and user confirmations. No extracts or external URLs are used.
Credentials
The skill declares no required environment variables or credentials. The guidance around credentials is conservative (refer to env var names, confirm presence without printing values). There are no disproportionate secret requests.
Persistence & Privilege
The setup wizard can append guardrails to AGENTS.md and optionally schedule a cron job (both persistent changes). These actions are explicit in the workflow and require user consent; review what will be written and the cron payload before agreeing.
Scan Findings in Context
[prompt_injection_pattern:ignore-previous-instructions] expected: The SKILL.md and reference docs intentionally mention common injection phrases (e.g., 'ignore previous instructions') as examples to detect and block prompt injection. The scanner flagged this phrase, but its presence here is appropriate and expected for a security guardrails document.
Assessment
This skill appears to be what it says: a set of guardrails plus a safe, plan-only install script. Before installing/running: 1) Open SKILL.md and the AGENTS.md patch it will append and confirm you like the exact content; 2) If you run scripts/install.sh, run it first without --apply-firewall to inspect the printed commands; only run --apply-firewall if you have console/backdoor access and understand the UFW commands; 3) Review the cron payload and be comfortable with scheduling a periodic 'openclaw security audit'; 4) Confirm that 'openclaw security audit --fix' behavior is acceptable (it will change OpenClaw defaults and file permissions per the doc); and 5) Although the pre-scan flagged a prompt-injection phrase, it’s used here as an example to detect attacks — still review the content for any unexpected outbound endpoints or hidden commands before granting persistent changes.

Like a lobster shell, security has layers — review code before you run it.

latestvk970b84sfmq50qy85c4y55bh6981kzwy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

Comments