Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI Safety Guard
v1.0.6
Lightweight passive privacy guard for OpenClaw — intelligently prevents user data from leaking externally. TRIGGER: before the AI sends or outputs any data t...
by Andre Wu (@andreqingyuwu)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (a passive privacy guard) align with an instruction-only skill that tells the agent how to decide about external transmissions. No unrelated environment variables, binaries, or install steps are requested, which is proportionate to the claimed purpose.
Instruction Scope
The SKILL.md defines high-level decision logic for blocking, anonymizing, or allowing transmissions, but contains contradictory and ambiguous directives: e.g. it lists 'passwords, API keys, bearer tokens' as 'No useful anonymized form (never send raw)', yet Scenario 1 instructs: 'Log into Gmail... → SILENTLY EXECUTE → Execute the login, send credential to Gmail.' There are also conflicts about user interaction: 'Do not offer options, do not ask for confirmation' vs. 'Wait for the user to either correct the destination or explicitly confirm.' Terms like 'silently execute' vs. 'notify' are used inconsistently. These contradictions make it unclear what the agent should actually do in key cases (credentials, suspected phishing, background transmissions). The skill also instructs the agent to look at recent user messages and whether data was found 'in a file' but does not bound what files or contexts to inspect; that grants broad discretion to the agent in the absence of stricter rules.
Install Mechanism
No install spec and no code files (instruction-only). This is the lowest-risk distribution model and consistent with a policy-style skill that provides agent guidance rather than executable artifacts.
Credentials
The skill requires no environment variables, credentials, or config paths, which is proportionate. The instructions reference domains and destinations but do not request external credentials or keys from the host.
Persistence & Privilege
The skill does not request always:true, does not declare install-time writes, and is user-invocable only. It does not request persistent presence or modification of other skills' configs.
What to consider before installing
This skill is a rulebook the agent would follow to decide whether to send data externally. That design is reasonable, but the SKILL.md contains contradictory guidance in safety-critical places — notably around credentials and phishing handling. Before installing or enabling it:
- Ask the author to resolve contradictions (explicit precedence): clarify whether 'never send raw passwords/API keys' ever admits an exception for 'user-requested logins', and whether 'silently execute' means the user is never prompted.
- Require explicit definitions for 'notify' vs 'silent' behavior and for which transmissions the guard may act without user confirmation.
- Confirm how the agent identifies 'suspicious domain' (rules, allowlist, telemetry) and whether any external lookups are performed.
- Test in a safe environment to see how it behaves with credential-bearing actions, background API calls, and file-based data the agent might discover.
Because this is instruction-only, its safety depends entirely on how your agent implements it. If you accept it, do so only after clarifying the ambiguous rules and testing expected vs. actual behavior; otherwise the agent may either leak secrets (if mis-implemented) or block legitimate actions (if too strict).
