SkillFence

v1.0.6

Runtime security monitor for OpenClaw skills. Watches what your installed skills actually DO — network calls, file access, credential reads, process activity. Not a scanner. A watchdog.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill is described as a runtime monitor and its code implements file scanning, process checks, and network-connection inspection via local system commands. Required resources are limited to Node.js and the user's HOME filesystem (for logs/state), which is proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs running monitor.js and describes scanning installed skills, checking processes, network connections, and file metadata. The code reads skill files (readFileSync) for pattern matching and uses execSync/spawn to gather process/network state — all within monitoring scope. Minor note: SKILL.md repeatedly asserts 'never makes outbound network requests' and 'read-only' for credentials (only metadata). The included code appears to perform local checks only; however the README/marketing references a CascadeAI web dashboard / Pro features (external service) — although the bundled code does not obviously contact it, the documentation suggests an external dashboard exists. This is a small discrepancy worth noting but not disqualifying.
Install Mechanism
No installer is bundled (skill contains JS file + docs). Installation options in README point to ClawHub or a GitHub repo. No external archive downloads or opaque installers are executed by the code itself. This is low-risk as long as users pull the repo from a trusted source.
Credentials
The skill requests no environment variables or credentials and only uses process.env.HOME (or /tmp) to store logs and state. It scans skill directories under the user's home and looks for references to sensitive paths — appropriate for a monitor. It does not request unrelated cloud keys or tokens. It does read license/state files it creates in the user's HOME; that behavior is reasonable for local pro feature gating.
Persistence & Privilege
always:false and user-invocable:true. The skill writes state and an audit log under the user's HOME ('.skillfence-session.json', '.skillfence-audit.log', '.skillfence-license.json'), which is expected for a monitoring tool. It does not modify other skills or system-wide configs in the provided code. No forced global persistence is requested.
Scan Findings in Context
[child_process_exec] expected: monitor.js uses execSync and spawn to run local commands (ps, likely lsof/netstat) to inspect processes and network state; this is expected for a runtime monitor but these calls should be reviewed to ensure they don't execute untrusted input.
[reads_skill_files] expected: The scanner opens and reads installed skill files (readFileSync) to match patterns — required behavior for pre-install and on-demand scanning.
[writes_home_files] expected: The skill writes session, license, and audit log files into the user's HOME. This is expected for local state and audit trails; users should be aware of these files' locations.
[suspicious_ip_literal] expected: KNOWN_C2 contains raw IPs/domains (e.g., 54.91.154.110) for detection. The presence of these literals in code is appropriate for matching threat indicators.
[sensitive_path_strings] expected: SENSITIVE_PATHS lists many sensitive filenames/dirs to detect credential access. Detecting these strings in scanned skill source is consistent with the stated purpose.
Assessment
SkillFence appears coherent with its purpose as a local runtime monitor. Before installing:
1) Review the monitor.js file yourself (it is small and included) to confirm the behavior is one you are comfortable with.
2) Confirm you trust the source / GitHub repo the README points to (the registry owner ID, homepage, and GitHub repo user differ, so verify the origin).
3) Run it as a normal user (not root) so logs and scans run with limited privileges.
4) Note that it will create files in your HOME (audit log, session state, license); back up sensitive files if you need to.
5) If you plan to enable any Pro/dashboard integration, confirm what data (if any) is sent externally; the bundled code appears local-only, but the documentation references an external dashboard.
Finally, when using features that analyze arbitrary commands/messages, avoid passing untrusted input that might be interpreted as shell commands; the monitor inspects strings, but always be cautious.

Like a lobster shell, security has layers — review code before you run it.

Tags: latest, openclaw-managed, runtime-monitoring, security, threat-detection, watchdog


Runtime requirements

🛡️ Clawdis
