ClawGuard
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing it will run third-party plugin code inside the OpenClaw gateway.
The guide installs a plugin from npm without pinning a specific version; this is expected for an installation guide, but it relies on external package provenance.
`openclaw plugins install @capsulesecurity/clawguard`
Install only if you trust the package source; consider verifying the npm package and linked repository, and pinning a reviewed version where possible.
Tool arguments, surrounding context, or other task details may appear in gateway logs or be processed by the configured LLM provider.
The plugin is designed to log tool-call details and forward tool context to the configured LLM for judging; this is central to the guardrail design but may include sensitive task data.
Logs tool call details ... Sends tool context to an LLM for security evaluation
Review logging, provider privacy, maxContextWords, and metrics settings before enabling; disable logToolCalls or metrics if they do not fit your privacy requirements.
A gateway token could be revealed to anyone who can see the session, logs, or copied troubleshooting output.
The troubleshooting section directs checking the local gateway token, and nearby instructions also read the OpenClaw config token. This is purpose-aligned troubleshooting but can expose credentials in terminal output or agent transcripts.
`printenv OPENCLAW_GATEWAY_TOKEN`
Do token comparisons locally when possible, redact token values before sharing output, and rotate the token if it is accidentally exposed.
Future tool calls may be delayed, logged, evaluated, or blocked according to the plugin configuration.
The installed plugin remains active in the gateway and evaluates tool calls before execution; the same section says it can block execution for high/critical risk calls.
ClawGuard registers a `before_tool_call` hook
Test in log-only mode if needed, keep the disable options documented, and ensure administrators know how to turn off or remove the plugin.
