ClawGuard by jugaad-lab

What to consider before installing ClawGuard: - Purpose fit: This package is internally consistent: it implements a local threat DB, an OpenClaw plugin that hooks before tool calls, an MCP config scanner, and CLI hooks to check commands/URLs/skills. If you want a pre‑action security layer, the design matches that goal. - Audit trail (sensitive data): By default it logs full inputs to ~/.clawguard/audit.jsonl and stores checks in a local DB. Those logs can contain commands, URLs, or message texts that include secrets (API keys, tokens, private commands). If you install it, plan retention/rotation, restrict filesystem access, or modify logging to redact secrets. - Discord approvals = data leaving your host: Enabling the Discord approval feature will post check details (inputs and threat info) to a Discord channel. Only enable this if you control the channel, trust the community members there, and understand that potentially sensitive inputs will leave the machine. - MCP scanner scope: The MCP scanner auto‑discovers configs for many tools (Claude Desktop, Cursor, VS Code, etc.). That means it will read local app config files and may surface secrets. This behavior is expected for configuration auditing but you should run it in a controlled environment and review which paths it inspects. - Auto‑sync/network activity: Default config shows autoSync:true with a GitHub repo URL. If you require strictly offline/local operation, disable autoSync or review the sync implementation to ensure it only pulls known updates and doesn't leak telemetry. - Privileged integration: Enabling the OpenClaw plugin gives the package the ability to intercept and block tool calls. This is appropriate for a security enforcer, but verify the plugin code (openclaw-plugin.js) and test in a non‑production/sandboxed agent environment before enabling globally. - Verify code and permissions: Although the package appears coherent (no unexpected env var asks, no remote install URLs), you should inspect/verify: database sync code, any network calls the package makes (sync/report), and the Discord integration implementation. Consider running npm install in a sandbox and reviewing the package.json scripts and any postinstall hooks. - Suggested safe defaults before enabling broadly: set level=0 (silent) while evaluating, disable autoSync, keep discord.enabled=false, review and restrict audit access, and run the MCP scanner on a test machine first. If you want, I can: (1) scan the remaining truncated source files for network calls or secrets exfiltration patterns, (2) list the exact files that write to disk or perform network requests, or (3) produce recommended config changes (example config JSON) to limit exposure.