permission guard

Security checks across malware telemetry and agentic risk

Overview

This security-watchdog skill is purpose-aligned, but it automatically creates persistent local baselines that include metadata about sensitive credential locations.

Install only if you want a local security-audit skill that can inspect agent activity and write persistent audit records. Review or change its baseline behavior before use, especially the default checks of SSH, AWS, GnuPG, and git config metadata, and periodically delete or protect ~/.openclaw audit files if they contain sensitive operational history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger guidance is unusually broad and explicitly says to run proactively after any skill installation, which can cause this skill to activate in many routine contexts without a narrowly scoped user request. Because the skill has Bash/Read/Write access and performs filesystem and network inspection, over-triggering increases unnecessary exposure to sensitive local state and can normalize intrusive monitoring.

Session Persistence

Medium
Category
Rogue Agent
Content
name: permission-guard
description: Security watchdog for OpenClaw agents that monitors installed skill behavior, detects unauthorized file access, suspicious outbound network calls, dangerous command patterns, and generates permission audit reports. Use this skill whenever the user asks about agent activity ("what did my agent do", "check what my skill accessed", "monitor agent permissions", "permission report", "activity log", "did my agent do anything weird", "skill behavior audit", "what files did my agent touch"), after installing a new skill to establish a behavior baseline, or when suspicious or unexpected behavior is suspected. Trigger proactively after any skill installation — a first-run baseline check is always worthwhile.
compatibility: Designed for OpenClaw agents (openclaw.ai). Requires shell access for filesystem and network inspection.
allowed-tools: Bash Read Write
---

# Permission Guard
Confidence
93% confidence
Finding
Write --- # Permission Guard A runtime security watchdog for OpenClaw agents. Its purpose is to give users clear visibility into what their installed skills are actually doing — catching unexpected

Session Persistence

Medium
Category
Rogue Agent
Content
After any new skill is installed, capture a baseline before the skill runs for the first time. This makes future behavioral drift detection much more precise.

```bash
mkdir -p ~/.openclaw/baselines
stat ~/.ssh ~/.aws ~/.gnupg ~/.gitconfig 2>/dev/null \
  > ~/.openclaw/baselines/[skill-name]-baseline.txt
touch ~/.openclaw/last-check
```
Confidence
95% confidence
Finding
mkdir -p ~/.openclaw/baselines stat ~/.ssh ~/.aws ~/.gnupg ~/.gitconfig 2>/dev/null \ > ~/.openclaw/baselines/[skill-name]-baseline.txt touch ~/.openclaw

VirusTotal

66/66 vendors flagged this skill as clean.
