ShieldClaw
Security checks across malware telemetry and agentic risk
Overview
ShieldClaw is coherent as a security tool, but it requests broad monitoring/control behavior and relies on unreviewed external components for its most sensitive functions.
Treat this as a security-sensitive installation: verify the missing @shieldclaw dependencies and source, confirm the real-time Guard actually works, and review default monitoring, logging, and vault storage settings before relying on it.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user cannot verify from these artifacts what code will monitor files/network activity or handle stored secrets.
The active integration imports external packages that implement scanning, guarding, auditing, and vault behavior, but those packages and any dependency lockfile are not included in the supplied artifacts.
import { createCore, closeCore, } from '@shieldclaw/core';
...
import ScanPlugin from '@shieldclaw/scan';
import GuardPlugin from '@shieldclaw/guard';
import AuditPlugin from '@shieldclaw/audit';
import VaultPlugin from '@shieldclaw/vault';
Install only after reviewing the referenced @shieldclaw packages, their source/provenance, and pinned versions or hashes.
The skill could interfere with legitimate local activity or block access to sensitive paths if its rules are too broad.
The skill advertises high-impact controls over local files, network requests, and process execution, with Guard enabled by default, but the documentation does not clearly bound when actions are blocked or how the user approves and reverses them.
Capabilities:
- File system monitoring
- Network request interception
- Process execution control
...
guard.enabled | Enable protection | true
Before enabling Guard, review and narrow its rules, confirm user approval behavior, and keep an allowlist or rollback path available.
Users may believe active protection is fully in place when the visible integration code may not actually implement the advertised hooks.
One included integration file explicitly marks filesystem/network/process hook implementation as TODO while still logging that hooks are initialized, which can overstate the reviewed implementation's real-time protection.
initHooks() {
  // TODO: implement the fs/network/process hooks
  this.core.logger.info('[HookFramework] Hooks initialized');
}
Verify the real OpenClaw hook integration and test Guard enforcement before relying on this skill for protection.
Passwords, API keys, private keys, and audit logs may remain on the device and need the same care as other secrets.
The skill intentionally stores and later displays sensitive vault data and audit records; this is aligned with the Vault/Audit purpose but creates persistent sensitive local state.
"Store this password for me" ... "View my saved sensitive data" ... "Audit logs stored in local SQLite database"
Use strong local device security, understand retention/export settings, and avoid storing secrets unless you trust the vault implementation.
