{"skill":{"slug":"ironclaw-security-guard","displayName":"IronClaw Security Guard","summary":"Add lightweight defense-in-depth guardrails to OpenClaw with dangerous-command blocking, prompt-injection detection, secret redaction, and audit logging.","description":"---\nname: ironclaw-security-guard\nhomepage: https://github.com/wd041216-bit/openclaw-ironclaw-security-guard\ndescription: Add lightweight defense-in-depth guardrails to OpenClaw with dangerous-command blocking, prompt-injection detection, secret redaction, and audit logging.\n---\n\n# IronClaw Security Guard\n\nUse this skill when an OpenClaw runtime needs lightweight security guardrails rather than a full sandbox.\n\n## What it is for\n\nUse it when the user wants to:\n\n- reduce risky shell execution\n- protect sensitive paths and credentials\n- detect prompt-injection patterns in untrusted content\n- redact secrets before outgoing messages\n- keep an audit trail of risky or blocked behavior\n\n## What it covers\n\n- shell-risk filtering\n- protected path detection\n- prompt-injection heuristics\n- outbound secret redaction\n- audit logging\n- manual inspection through `ironclaw_security_scan`\n\n## When to use it\n\n- local-model deployments\n- tool-heavy OpenClaw setups\n- environments with chat, shell, web, and file tools enabled\n- operator workflows that need safety checks without a heavyweight sandbox\n\n## Non-goals\n\nThis skill does not:\n\n- provide container isolation\n- guarantee malware containment\n- replace OS, network, or credential-hygiene controls\n\n## Operating workflow\n\n1. Check whether the plugin is enabled or running in `monitorOnly` mode.\n2. Review configured allowlists, blocked command patterns, and protected path patterns.\n3. Use `ironclaw_security_scan` first when content or tool parameters look suspicious.\n4. Prefer the least-privileged path for shell, network, and messaging actions.\n5. If the plugin blocks a call, inspect the audit log before overriding safeguards.\n\n## Output expectations\n\nGood use of this skill should usually produce:\n\n- a concise risk explanation\n- the matched finding category\n- a safer alternative when one exists\n- a note about whether the event should be audited or blocked\n\n","tags":{"latest":"0.2.0"},"stats":{"comments":0,"downloads":438,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1774339875174,"updatedAt":1779078805727},"latestVersion":{"version":"0.2.0","createdAt":1774339875174,"changelog":"First public ClawHub release for the OpenClaw security guard plugin and bundled skill.","license":"MIT-0"},"metadata":{"setup":[],"os":null,"systems":null},"owner":{"handle":"wd041216-bit","userId":"s17djcs4rd60zq6rxnpn9xv3d583g4ew","displayName":"Da Wei","image":"https://avatars.githubusercontent.com/u/258555668?v=4"},"moderation":{"isSuspicious":false,"isMalwareBlocked":false,"verdict":"clean","reasonCodes":["review.llm_review"],"summary":"Review: review.llm_review","engineVersion":"v2.4.24","updatedAt":1780090068672}}