Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Safety Guard
v1.0.1
Security guard skill for OpenClaw - Analyzes user input for harmful content, risky commands, and security threats before invoking LLM
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a CLI tool (examples like `safety-guard ...`) and references Python + PyYAML installation, but the published package contains no code files or executable. The registry metadata lists python3 as a required binary but provides no actual binary or script. This incoherence (a claimed tool with no implementation) is unexpected and unexplained.
Instruction Scope
Instructions describe reading URLs and local files (e.g., /path/to/file.pdf) and a config path (~/.safety-guard/config.json), which is reasonable for a content-scanning tool, but the SKILL.md is high-level and presumes a runtime component that isn't present. It also mentions optional services (FIRECRAWL, APIFY) and many model API keys — these would enable network access and third-party services if implemented, but the actual behavior is unknown because no code is included.
Install Mechanism
Registry shows 'no install spec', yet SKILL.md metadata contains an install hint (pip install PyYAML). That discrepancy means there is no verified, repeatable installation path included with the published skill. Lack of a proper install manifest for a tool that claims to be a CLI is a red flag.
Credentials
The registry lists no required environment variables, but SKILL.md instructs users to set multiple provider API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, XAI, GEMINI_API_KEY and optional FIRECRAWL/APIFY tokens). Requiring numerous unrelated provider keys is plausible for a multi-model guard, but the package does not declare or justify those env requirements, increasing the risk of unexpected credential use if an implementation is obtained elsewhere.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only. It does reference an optional config file under the user's home directory, which is normal for CLI tools. There is no evidence here of the skill attempting to modify other skills or request persistent elevated privileges.
What to consider before installing
Do not install or run this skill as-is. The package contains only documentation and conflicting metadata: there is no CLI binary or source code even though the README shows CLI usage and a pip install hint. Steps to take before trusting this skill:
1) Ask the publisher for the actual source code or executable and a reproducible install manifest (e.g., pip package or GitHub release).
2) Verify the repository and owner identity (the included _meta.json has mismatched owner/slug/version info).
3) If you obtain code, review it for any network calls or credential exfiltration (it references many model API keys and optional third-party tokens).
4) Prefer skills that include code or a vetted install mechanism from a trusted source.
If you must test, do so in an isolated environment and avoid supplying real API keys or sensitive files until you confirm the implementation.
Like a lobster shell, security has layers — review code before you run it.
latest: vk977983c2heb3jbvctd0ch8rfd82yah9
Runtime requirements
🛡️ Clawdis
Bins: python3
