Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Antivirus

v6.8.20

MoltGuard — Protect you and your human from prompt injection, data exfiltration, and malicious commands. Source: https://github.com/openguardrails/openguardr...

by OpenGuardrails @thomaslwang
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md describes a security/guardrail plugin and all instructions revolve around installing and using a MoltGuard plugin for OpenClaw, which is consistent with the description. However, the skill does not declare required binaries even though the instructions call out 'openclaw plugins install' and 'node ...' commands — a mild coherence gap. No unrelated services or unexplained credentials are requested.
! Instruction Scope
Runtime instructions tell the agent to read a local sample file (~/.openclaw/extensions/moltguard/samples/test-email-popup.txt), save credentials under ~/.openclaw/credentials/moltguard/, run node scripts under ~/.openclaw/extensions/moltguard/scripts/, and display API keys/quota via /og_status. Those actions access local config/credential paths and run local scripts, which are reasonable for a plugin but involve sensitive data and filesystem access; the skill doesn't explicitly declare or justify that access inside its metadata.
Install Mechanism
The skill is instruction-only (no install spec). Installation is delegated to the OpenClaw plugin system via 'openclaw plugins install @openguardrails/moltguard' — this will download and install external code at runtime. That's expected for a plugin, but because the SKILL.md itself doesn't include or audit the plugin code, users are installing external code implicitly; the install source is the OpenGuardRails project (GitHub link provided), which reduces but does not eliminate risk.
! Credentials
The manifest declares no required environment variables or credentials, yet the instructions explicitly reference API keys, claiming credentials will be stored under ~/.openclaw/credentials/moltguard/ and showing /og_status that reveals an API key and quota. The skill will therefore interact with and surface sensitive credentials without declaring them in metadata — a proportionality/documentation gap that users should be aware of.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only; it does describe storing credentials and placing scripts under the user's OpenClaw extension directory, which is normal for a plugin. Autonomous invocation is allowed (default), but that is expected for skills and not by itself a red flag here.
What to consider before installing
This skill appears to be a wrapper/integration for the MoltGuard OpenGuardRails plugin — that is coherent with its description. However:

(1) The SKILL.md tells you to run 'openclaw plugins install' and Node scripts but doesn't declare those binaries as required — make sure OpenClaw and Node are installed and that you trust the plugin source before running install.

(2) The instructions reference saving and showing API keys and reading files under ~/.openclaw — installing the plugin will place code and credentials under your home directory and may run scripts that contact external endpoints (the public Core or an enterprise Core URL). Review the plugin repository (the GitHub link in the SKILL.md) or inspect the installed files before granting it access to sensitive data.

(3) Be cautious about using enterprise-enroll commands that point the agent to custom Core endpoints (these will transmit credentials to that endpoint).

If you trust OpenGuardRails and will inspect the plugin code or run installation in a contained environment, the risk is reduced; otherwise treat this as potentially sensitive and verify the plugin first.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

🛡️ Clawdis
