Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tophant Clawvault

AI security system for protecting agents from prompt injection, data leakage, and dangerous commands

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Ali0th@Martin2877
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (local proxy that inspects agent traffic) match the code and SKILL.md: the manager installs a 'clawvault' Python package, writes config under ~/.ClawVault, and proxies/inspects traffic for LLM hosts. Permissions (execute_command, read/write files, network) are consistent with that purpose.
Instruction Scope
SKILL.md and the manager explicitly state the proxy will see requests/responses and API keys (this is expected for a MITM-style local inspector). The instructions do not direct the agent to read arbitrary unrelated system files, but they do instruct creation/reading of ~/.ClawVault and use of the local dashboard API. The documentation warns that the dashboard has no auth by default and that ssl_verify is disabled by default — both are operational security concerns the user must accept or mitigate.
Install Mechanism
There is no platform install spec in the registry, but clawvault_manager.py runs pip to install the package from PyPI and falls back to GitHub. The code pins to clawvault>=0.1.0,<1.0.0 and a v0.1.0 GitHub tag fallback; SKILL.md/README text is inconsistent about pinning. Installing from PyPI/GitHub without cryptographic checksum verification is a supply-chain risk (acknowledged in SECURITY.md).
Credentials
The skill requests no external credentials or environment variables in metadata. The proxied traffic will expose API keys and PII to the local process (explicitly documented). The level of access requested (file read/write in ~/.ClawVault, network, execute) is proportionate to a proxy/inspector tool.
Persistence & Privilege
always is false and the skill does not request forced global persistence. The skill writes only to its own config directory (~/.ClawVault). It does run pip install which makes system changes consistent with installing a package; it does not modify other skills or system-wide agent settings in the provided code.
Assessment
This skill appears to be what it says: a local proxy that inspects AI traffic. That capability is powerful and risky — the proxy will see API keys, prompts, and responses. Before installing: (1) Review the clawvault_manager.py source and SECURITY.md; (2) Prefer running in an isolated VM/container for initial evaluation; (3) Ensure the dashboard binds to 127.0.0.1 (do NOT use 0.0.0.0) or require SSH tunneling/reverse proxy with auth; (4) Consider pinning the exact clawvault package version and verifying checksums rather than allowing unpinned PyPI installs; (5) Change ssl_verify=false only with full understanding — MITM inspection requires disabling verification but reduces guarantees; (6) Configure audit log retention and secure/remove ~/.ClawVault/audit.db as needed; (7) If you cannot audit the upstream package or run it in isolation, avoid installing in production systems that hold sensitive credentials. The README/SECURITY.md call these out, but pay attention to the documented inconsistencies (registry SKILL.md version vs. package manager usage and wording about version pinning).


Current version: v0.1.3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

SKILL.md

ClawVault Skill

AI security system for OpenClaw with installation, rule generation, detection, and monitoring.

Protection Against:

  • Prompt injection attacks
  • Data leakage (PII, credentials, API keys)
  • Dangerous command execution
  • Jailbreak attempts

Commands

/clawvault start

Start ClawVault services.

clawvault start                  # Default: localhost only (secure)
clawvault start --mode strict    # Strict mode

/clawvault install

Install ClawVault.

/clawvault install --mode quick     # Recommended
/clawvault install --mode standard  # Interactive
/clawvault install --mode advanced  # Full control

/clawvault health

Check service health and status.

/clawvault health

/clawvault generate-rule

Generate security rules from natural language.

/clawvault generate-rule "Block all AWS credentials"
/clawvault generate-rule --scenario customer_service --apply

Scenarios: customer_service, development, production, finance

/clawvault status

Get running status and statistics.

/clawvault status

/clawvault test

Run detection tests.

/clawvault test --category all
/clawvault test --category sensitive

Categories: all, sensitive, injection, commands

/clawvault uninstall

Remove ClawVault.

/clawvault uninstall
/clawvault uninstall --keep-config  # Keep configuration

Quick Examples

# Install
/clawvault install --mode quick

# Generate rule
/clawvault generate-rule "Detect database passwords" --apply

# Apply scenario
/clawvault generate-rule --scenario customer_service --apply

# Check health
/clawvault health

Requirements

  • Python 3.10+
  • Ports 8765, 8766 available

Permissions

  • execute_command - Run installation and ClawVault commands
  • write_files - Create configuration files
  • read_files - Read configurations
  • network - Download packages and API calls

Security Considerations

⚠️ Important: ClawVault operates as a local HTTP proxy that inspects AI traffic.

What This Means:

  • ClawVault can see API requests, responses, and API keys
  • This is intentional and necessary for threat detection
  • All data stays on your local machine

Dashboard Security:

  • Default: Binds to 127.0.0.1 (localhost only) ✅ Secure
  • For remote access: Use SSH tunneling instead of exposing dashboard
  • Example: ssh -L 8766:localhost:8766 user@server
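
As an added check (not part of ClawVault or its SKILL.md), the shell function below parses an `ss -ltn`-style listener table and fails when the proxy port 8765 or the dashboard port 8766 is bound to anything other than loopback; the two listener tables are constructed samples.

```shell
#!/bin/sh
# Added example, not ClawVault's own code: confirm the proxy (8765) and
# dashboard (8766) listen only on loopback, as SKILL.md requires.
# Input is the output of `ss -ltn` (4th column is Local Address:Port).

CLAWVAULT_PORTS="8765 8766"

# Returns 0 when every ClawVault port is bound to 127.0.0.0/8 or [::1],
# 1 when any of them listens on a wildcard or non-loopback address.
check_clawvault_bindings() {
    listeners="$1"
    bad=0
    for port in $CLAWVAULT_PORTS; do
        exposed=$(printf '%s\n' "$listeners" | awk -v p="$port" '
            NR > 1 {
                addr = $4
                n = split(addr, parts, ":")
                if (parts[n] != p) next                        # not this port
                host = substr(addr, 1, length(addr) - length(p) - 1)
                if (host ~ /^127\./ || host == "[::1]") next   # loopback: fine
                print addr                                     # wildcard or external
            }')
        if [ -n "$exposed" ]; then
            echo "EXPOSED: port $port bound to $exposed"
            bad=1
        fi
    done
    return $bad
}

# Constructed samples standing in for `ss -ltn` output.
SAFE_LISTENERS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:8765      0.0.0.0:*
LISTEN 0      128    [::1]:8766          [::]:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'

EXPOSED_LISTENERS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:8765      0.0.0.0:*
LISTEN 0      128    0.0.0.0:8766        0.0.0.0:*'

# Live use: check_clawvault_bindings "$(ss -ltn)"
if check_clawvault_bindings "$EXPOSED_LISTENERS"; then
    echo "ok: ClawVault ports are loopback-only"
else
    echo "fix: bind the dashboard to 127.0.0.1 and reach it via ssh -L 8766:localhost:8766"
fi
```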

Before Installing:

  • Review the SECURITY.md documentation
  • Understand that ClawVault will inspect all proxied traffic
  • Ensure dashboard binding is appropriate for your environment
  • Consider running in isolated environment for sensitive use cases

For Production:

  • Use localhost-only dashboard
  • Enable strict mode: --mode strict
  • Configure audit log retention
  • Review detection logs regularly

See SECURITY.md for complete security documentation.

Documentation

License

MIT © 2026 Tophant SPAI Lab
