v1.0.4

ShieldClaw

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:34 AM.

Analysis

ShieldClaw is a plausible security tool, but it requests high-impact security authority while delegating key behavior to external packages not included here and the visible guard-hook code appears incomplete.

Guidance

Review this skill carefully before installing. Its goals are coherent for a security suite, but it needs broad local authority and trust in external @shieldclaw packages that were not included in the supplied artifacts. Confirm the real-time guard implementation and secret-storage behavior before relying on it for protection.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
apps/openclaw-integration/dist/index.js
import { createCore, closeCore, } from '@shieldclaw/core';
import ScanPlugin from '@shieldclaw/scan';
import GuardPlugin from '@shieldclaw/guard';
import AuditPlugin from '@shieldclaw/audit';
import VaultPlugin from '@shieldclaw/vault';

The core scanning, guard, audit, and vault behavior is delegated to external packages that are not included in the supplied artifact contents, even though those components would handle filesystem, network, logs, and secrets.

User impact: A user would be trusting unreviewed external modules for the most sensitive security functions.
Recommendation: Review the provenance, versions, and source for the @shieldclaw packages before installing, especially because the skill handles sensitive data and system monitoring.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: Medium | Status: Concern
dist/index.js
initHooks() {
        // TODO: implement fs/network/process hooks
        this.core.logger.info('[HookFramework] Hooks initialized');
    }

The SKILL.md advertises real-time file, network, and process protection, but this visible hook implementation only logs initialization and contains a TODO for the actual hooks.

User impact: Users may believe real-time protection is active when the included integration code does not show implemented interception hooks.
Recommendation: Do not rely on the real-time guard claims unless the missing hook implementation or platform integration is reviewed and confirmed.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
- File system monitoring
- Network request interception
- Process execution control

These are broad, high-impact controls over local and network operations. They are aligned with a security guard feature, but users should understand the authority being granted.

User impact: If misconfigured or implemented poorly, the skill could block or alter normal file, network, or process activity.
Recommendation: Install only if you want a security tool with this level of local control, and review guard configuration before enabling strict or broad protection.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
- "Encrypt this API Key"
- "Store this password for me"
- "Securely store this private key"
...
- System keychain for key storage

The vault feature is designed to handle credentials and private keys and to use the system keychain. This is expected for the stated purpose, but it is sensitive authority.

User impact: The skill may store or display highly sensitive secrets if the user asks it to.
Recommendation: Use the vault only for secrets you intentionally provide, and confirm how stored secrets can be viewed, exported, or deleted.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
README.md
- **Database**: shieldclaw.db - Audit logs and configuration
- **Logs**: logs/ - Runtime logs
- **Keys**: System keychain (auto-managed)

The skill persists security logs, configuration, and vault key material locally. This is disclosed and purpose-aligned, but retained security data may be sensitive.

User impact: Local logs or databases may contain security-relevant history and metadata over time.
Recommendation: Review retention settings, protect the local data directory, and clear logs when no longer needed.