Oc Guard Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent OpenClaw configuration guard, but it can change local agent configuration, so plans should be reviewed before applying.

Install this only if you want an agent-assisted guard for OpenClaw config changes. Use plan first, review the proposed changes carefully, and run apply --confirm only for changes you intend to make. Be aware that it reads and writes local OpenClaw configuration and may leave local diagnostic files under /tmp.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A mistaken or poorly reviewed proposal could change how OpenClaw agents, tools, plugins, models, or gateway behavior work.

Why it was flagged

The bundled CLI is designed to modify broad OpenClaw configuration areas, including tools and plugins. This is aligned with the skill purpose and is mitigated by the documented plan/apply workflow, but it is still high-impact local mutation authority.

Skill content
CONFIG_PATH = Path(... OPENCLAW_HOME / "openclaw.json" ...)
ALLOWED_PATH_PREFIXES = ("/channels", ... "/plugins", "/tools",)
Recommendation

Run plan first, read the proposed changes, and use apply --confirm only when you intentionally want those configuration changes.

ASI03: Identity and Privilege Abuse
Medium
What this means

The skill may read or transform configuration that contains API keys, tokens, or other sensitive settings.

Why it was flagged

The CLI operates on the user's OpenClaw config and includes masking for secret-like fields, indicating it may encounter sensitive configuration values. This is expected for the stated purpose, and the artifacts do not show credential exfiltration.

Skill content
CONFIG_PATH = Path(os.environ.get("OCGUARD_CONFIG_PATH", str(OPENCLAW_HOME / "openclaw.json"))).expanduser()
SECRET_RE = re.compile(r"(secret|token|apikey|api_key|password)", re.IGNORECASE)
Recommendation

Use sanitized proposals where possible and avoid sharing receipts, logs, backups, or debug files if they may include real configuration details.

ASI05: Unexpected Code Execution
Low
What this means

The skill depends on and runs local CLI tools, so those tools and their configured profiles affect the outcome.

Why it was flagged

The tool invokes local OpenClaw/OpenCode commands through subprocess. This is central to its purpose and the required binaries are disclosed, with no shell=True shown in the provided snippet.

Skill content
OPENCLAW_BIN = Path(... shutil.which("openclaw") ...)
OPENCODE_BIN = Path(... shutil.which("opencode") ...)
def run(cmd, timeout=60, check=True, env=None):
    return subprocess.run(cmd, capture_output=True, text=True, timeout=timeout, check=check, env=env)
Recommendation

Ensure the openclaw and opencode binaries on PATH are the ones you trust, or set the documented environment overrides to explicit trusted paths.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Following the README install snippet may fail or cause confusion about which executable should be used.

Why it was flagged

The README install example references scripts/oc-guard, while the supplied manifest contains scripts/oc-guard.py. SKILL.md uses the .py path, so this looks like a documentation/package consistency issue rather than hidden code.

Skill content
chmod +x scripts/oc-guard
ln -sf "$PWD/scripts/oc-guard" ~/.local/bin/oc-guard
Recommendation

Use the SKILL.md command path, {baseDir}/scripts/oc-guard.py, or verify the intended executable before linking anything into your PATH.

ASI06: Memory and Context Poisoning
Low
What this means

Local diagnostic files may contain configuration details or model-generated proposal text that should not be treated as authoritative without review.

Why it was flagged

The tool keeps local logs, last proposal/plan files, and OpenCode debug output under /tmp. This is disclosed for diagnostics, but these files may retain sensitive or untrusted configuration context between runs.

Skill content
LOG_PATH = Path("/tmp/openclaw-config-guard.log")
LAST_PROPOSAL_PATH = Path("/tmp/oc-guard-last-proposal.json")
LAST_PLAN_PATH = Path("/tmp/oc-guard-last-plan.json")
OPENCODE_DEBUG_PATH = Path("/tmp/oc-guard-last-opencode-output.txt")
Recommendation

Inspect and delete /tmp/oc-guard-* or /tmp/openclaw-config-guard* files when handling sensitive configuration changes.