Rules of the Claw

AdvisoryAudited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.prompt_injection_instructions

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteMedium Confidence

ASI04: Agentic Supply Chain Vulnerabilities

What this means

Users need to verify the included installer and rules file themselves before trusting it to modify Guardian behavior.

Why it was flagged

The registry metadata has limited provenance and no install spec even though a shell installer is included and documented.

Skill content

Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill; Code file presence: install.sh

Recommendation

Confirm the intended repository/source, inspect install.sh and the rules JSON, and verify local requirements before running the installer.

NoteHigh Confidence

ASI05: Unexpected Code Execution

What this means

Running the script can modify files in the user's OpenClaw configuration.

Why it was flagged

The skill asks the user to execute a local shell script. The provided script is purpose-aligned, but it runs with the user's local permissions.

Skill content

# Step 3: Run the install script
cd ~/.openclaw/workspace/skills/rules-of-the-claw
bash install.sh

Recommendation

Run the installer only after reviewing it, and execute it manually rather than letting an agent run it without confirmation.

NoteHigh Confidence

ASI10: Rogue Agents

What this means

Future OpenClaw/Guardian sessions may block commands according to this ruleset until the file is edited or restored from backup.

Why it was flagged

The installer replaces Guardian's rules file, creating persistent enforcement rules that affect future agent tool use.

Skill content

GUARDIAN_DIR="${HOME}/.openclaw/extensions/guardian"
RULES_FILE="${GUARDIAN_DIR}/guardian-rules.json"
...
cp "${SOURCE_RULES}" "${RULES_FILE}"

Recommendation

Review the installed rules, customize placeholders such as YOUR_APP/YOUR_ORG, and keep the generated backup if you may need to roll back.

Findings (1)

warn

suspicious.prompt_injection_instructions

Location: SKILL.md:33
Finding: Prompt-injection style instruction pattern detected.