OpenClaw Warden Pro

Review

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a coherent local workspace security tool, but its recommended automatic protection mode can overwrite important workspace files and disable skills without per-action confirmation.

Install only if you want a local tool that can actively change your agent workspace. Before enabling the recommended automatic `protect` hook, create a baseline intentionally, test scan results manually, and make sure you know how to restore or unquarantine legitimate files and skills.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken detection could restore over legitimate edits, roll back important workspace files, or disable a skill by quarantining it.

Why it was flagged

The default recommended protection workflow can automatically modify workspace state and disable skills. That is purpose-aligned for a security tool, but it is high-impact and the artifacts do not describe a confirmation gate, dry run, or false-positive handling before automatic changes.

Skill content

`protect` | Full scan + auto-restore + auto-quarantine + flag

Recommendation

Run `verify`, `scan`, or `full` manually first, establish and review the baseline, and only enable `protect` automation after confirming the rules work for your workspace.

Note
High Confidence
ASI10: Rogue Agents
What this means

Once configured, the tool may repeatedly run and change the workspace at session start or during periodic checks.

Why it was flagged

The artifact recommends recurring automatic execution through startup and heartbeat integrations. This is disclosed and user-configured, but it means the skill can keep taking protection actions after initial setup.

Skill content

Session Startup Hook ... "command": "python3 scripts/integrity.py protect" ... Add to HEARTBEAT.md for periodic protection

Recommendation

Only add the startup hook or heartbeat entry if you want ongoing automatic enforcement; otherwise invoke scans manually.

What this means

Old copies of sensitive workspace files may remain under the integrity snapshot directory even after the originals change.

Why it was flagged

The skill creates persistent local snapshots used for restore. These files may include instructions, configuration, or other private workspace content.

Skill content

Critical, config, and skill files are automatically snapshotted when the baseline is established.

Recommendation

Treat the `.integrity` snapshot area as sensitive, avoid storing secrets in monitored files, and remove snapshots if uninstalling or resetting the tool.

What this means

It is harder to verify provenance or updates for a tool that can automatically change your workspace.

Why it was flagged

The registry metadata does not provide a verified source or homepage, while the tool has authority to modify important workspace files and skill directories.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Review the included script from the package you install, compare it against a trusted upstream if available, and pin or archive the reviewed version.