ShieldClaw
v1.0.4
Security suite for OpenClaw. Provides security scanning, real-time protection, audit logging, and sensitive data encryption. Use this skill when users need s...
by @jzming9
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, manifest permissions (filesystem, network, storage), README and SKILL.md all describe a security suite that scans code, monitors file/network/process operations, audits events, and encrypts secrets. The declared capabilities align with the requested permissions and included code that wires in Scan/Guard/Audit/Vault plugins.
Instruction Scope
SKILL.md and README instruct the agent to scan skill directories, protect sensitive paths (default: ~/.ssh, ~/.aws), and store audit logs locally. This matches the skill purpose. Note: Guard promises real-time fs/network/process interception; the provided integration code contains a HookFramework skeleton and relies on external Guard plugin implementations to do the actual hooking. Verify what the Guard plugin does at runtime before enabling strict/automatic blocking.
Install Mechanism
No install spec (instruction-only install) is provided, but compiled JS files are bundled in the package (dist/*.js). Nothing downloads arbitrary archives or uses an untrusted URL. There is no installer that fetches code from unknown hosts in the manifest.
Credentials
The skill does not request environment variables or credentials, which is appropriate. However, it defaults to protecting/accessing highly sensitive filesystem locations (~/.ssh, ~/.aws) and uses the system keychain for encryption keys and a local SQLite DB. These are proportionate to a local security product, but you should be aware the skill will read/write those locations and may require OS keychain APIs.
Persistence & Privilege
always is false and autonomous invocation is allowed by default. The skill will create configuration and database files in the user's data directory (documented in README). That local persistence is expected for an audit/guard/vault product and doesn't modify other skills or system-wide agent settings.
Assessment
ShieldClaw appears internally consistent with a local security tool, but before installing: 1) review the runtime behavior of the included plugins (@shieldclaw/scan, /guard, /audit, /vault) since only their import names appear in the bundle — these implementations determine whether any network calls or unexpected operations occur; 2) be aware the skill will access/monitor sensitive paths (default ~/.ssh and ~/.aws) and will create a local DB and config files in your user data directory; 3) if you plan to enable Guard strict/auto-blocking or automatic scans on install, test in a controlled environment first so you don't accidentally block legitimate tools; and 4) if you require higher assurance, ask the author for the source code of the referenced @shieldclaw/* packages or run the plugin in a sandbox to inspect its behavior.
Like a lobster shell, security has layers — review code before you run it.
