ClawHub

clawguard

v1.0.2

Security review and risk auditing for OpenClaw skills and deployments. Inspect third-party skills, dangerous instructions, credential requests, privilege ris...

0· 162·0 current·0 all-time
by@duclawbot
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included code and rules. The code implements a local pattern-based scanner (rules/skill_review.json) that inspects SKILL.md, scripts, and other text files under a user-provided skill directory. There are no unrelated environment variables, remote endpoints, or cloud APIs requested.
Instruction Scope
SKILL.md describes local-first review behavior and the implementation follows that: scan_skill walks the given skill directory, reads text files, applies rules, and returns a structured report. The instructions and code do not read unrelated system config files, network endpoints, or secret-bearing env vars. The scanner excludes its own rules and references directories from inspection.
Install Mechanism
No install spec or remote downloads. The skill is instruction-only (scripts included for local execution). No archives, third-party package installs, or network fetches are performed by the code itself.
Credentials
The skill requires no credentials or sensitive environment variables. It optionally honors WORKSPACE_ROOT to choose where to persist reports; otherwise it uses a sensible per-user path (~/.openclaw/workspace). This level of access is proportionate for a reporting tool.
Persistence & Privilege
The skill writes and persists reports under the user's workspace (~/.openclaw/workspace/memory/clawguard/reports.json). This is expected for an audit tool, but users should know reports are stored locally and that the skill will create that directory if it doesn't exist. always is false and the skill does not modify other skills or system-wide settings.
Assessment
This skill is internally consistent with its stated purpose and is safe to run locally for auditing other skills. Before installing/running: (1) review rules/skill_review.json if you want different patterns or to reduce false positives, (2) note that reports are persisted under ~/.openclaw/workspace by default (set WORKSPACE_ROOT to change), and (3) treat its findings as automated signals that require manual review — the scanner can produce false positives/negatives and does not guarantee complete security. If you plan to let an autonomous agent invoke this skill, know it can read local skill directories you point it at and will write reports to the workspace; that is expected behavior but verify the agent's scope and permissions first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dm6zes48k25q4jtv3af1p2582wmh4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments