ClawHub

Command Guardian

v1.3.2

Preflight safety guard for shell and infrastructure commands. Use before running commands that delete, overwrite, move, deploy, rewrite git history, change p...

0· 70·0 current·0 all-time
byKoi@jinhuadeng
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the packaged scripts and runtime instructions. The skill requires a Python interpreter and the SKILL.md tells the agent to run the included preflight.py and helper scripts; those scripts implement command classification, path checks, secret detection, and rollback hints as described.
Instruction Scope
The SKILL.md directs the agent to run local Python scripts that examine commands and filesystem paths and (per guardlib imports) may invoke subprocesses such as git. That behavior is expected for a preflight tool, but it does mean the skill will read workspace files, resolve paths (including environment-variable expansion), and query VCS state when given a cwd or allowed-root. Make sure callers provide an appropriate --cwd and --allowed-root to constrain its analysis; otherwise the analysis could examine broad parts of the filesystem.
Install Mechanism
There is no install spec or network download; the skill is instruction-only with bundled Python scripts. Nothing is fetched from external URLs or installed into system paths, which reduces supply-chain risk.
Credentials
The skill does not request environment variables or credentials. Its code uses os.path and expands environment variables when resolving paths (expected for path resolution) but does not require or exfiltrate secrets by design. The secret detection module flags inline secrets in commands rather than asking for external tokens.
Persistence & Privilege
always is false and the skill does not request persistent system-level privileges or modify other skills' configs. It runs as an on-demand local checker (agent-invoked), which is appropriate for its purpose.
Assessment
This skill appears coherent and implements what it promises, but review the bundled scripts before enabling them in an automated agent. Notes to consider before installing: (1) It executes locally via Python and may call subprocesses (e.g., git) and read filesystem paths — ensure the agent supplies a restrictive --allowed-root and appropriate --cwd so the checker only examines intended workspaces. (2) No external downloads or credentials are required, but you should still inspect scripts (guardlib.py, secret_guard.py, preflight.py) if you need higher assurance. (3) If you do not want automated agents to run preflight checks autonomously, restrict model/skill invocation in your policy; otherwise the skill can be invoked by the agent when it decides to run a risky command. (4) Run the included tests locally to validate behavior in your environment before granting broad trust.

Like a lobster shell, security has layers — review code before you run it.

latestvk975sf864yjgar43hwge3cwpfx8479j7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Any binpython, python3, py

Comments