ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

permission guard

v1.0.0

Security watchdog for OpenClaw agents that monitors installed skill behavior, detects unauthorized file access, suspicious outbound network calls, dangerous...

0· 15·0 current·0 all-time
by@billyhetech
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md explicitly performs filesystem and network inspection, keeps a local log, and produces permission reports. The requested actions (find, ss, grep, stat, touch, mkdir) are proportionate to a watchdog that monitors agent behavior.
Instruction Scope
Instructions instruct the agent to scan the user's home and review system network state and command logs, and to maintain files under ~/.openclaw. This is within the declared monitoring scope, but the checks reference sensitive paths (e.g., ~/.ssh, ~/.aws, /etc/shadow) and will only be fully effective if the agent has sufficient privileges to see them. The SKILL.md also assumes standard shell tools (find, ss, grep, stat, touch, mkdir) exist but the registry metadata lists no required binaries — a minor mismatch to be aware of.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is downloaded or written beyond the logs and baselines described in the SKILL.md.
Credentials
The skill requests no environment variables, no credentials, and no external config paths. It does not ask for or embed secrets and explicitly states logs remain local.
Persistence & Privilege
The skill writes to ~/.openclaw/permission-guard.log and creates baseline files under ~/.openclaw/baselines; this is reasonable for a watchdog but does create persistent artifacts in the user's home. The skill is not always:true and does not require elevation in its metadata, but to inspect some system files (e.g., /etc/shadow) it would need elevated privileges — avoid running the agent as root unless you understand the implications.
Scan Findings in Context
[no_regex_findings] expected: The static scanner found no code patterns because this is an instruction-only skill (SKILL.md contains the runtime behavior). That absence of findings is expected but does not replace the manual review of the instructions.
Assessment
This skill appears to do what it says: local monitoring and reporting of file access, network connections, and suspicious commands. Before installing: (1) Review and accept that it will create ~/.openclaw/permission-guard.log and baseline files and will scan your home directory. (2) Do not run your agent as root solely to enable the watchdog—some checks (like /etc/shadow) require elevation and granting that broadly increases risk. (3) Consider running the script manually first to inspect its output and confirm it behaves as you expect. (4) If you allow autonomous invocation, require the agent to prompt you before running checks that access sensitive areas. If you need stricter guarantees, prefer running the watchdog on-demand or in a limited account rather than granting it elevated system privileges.

Like a lobster shell, security has layers — review code before you run it.

latestvk97841sk1p7chp385rm7ekseds84b50t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments