Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Mithilesh
v1.0.0ClawGuard governance layer that must run before any SQL, file-system, or API write. Use evaluate_action(action_type, justification, risk_level) to log/author...
⭐ 0· 74·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill implements a governance/audit layer that logs intent to a local SQLite ledger and provides rate-limiting via Redis — this matches the described ClawGuard purpose. Use of a local DB for an audit ledger is expected. The presence of a Redis-based velocity check is plausible for a governance layer but is an additional external dependency that should be disclosed.
Instruction Scope
SKILL.md and GUIDANCE.md clearly limit the tool to pre-write evaluation and audit-report read operations; the instructions do not request unrelated files or credentials. However, the SKILL.md does not mention the optional Redis velocity check or the fact the ledger is persisted to a local file named clawguard.db, which the code implements.
Install Mechanism
This is listed as instruction-only (no install spec) but the package includes a TypeScript entry (index.ts) and package.json with runtime dependencies (redis, sqlite, sqlite3). Without an install spec, required Node packages and TypeScript handling may not be present at runtime, causing failure. There is no published, vetted download source; the package expects Node modules to be available in the environment.
Credentials
requires.env lists none, but the code reads process.env.REDIS_URL (defaulting to redis://localhost:6373). The skill may attempt network connections to a Redis host if REDIS_URL is set; that env var is not declared in metadata. No credentials are requested and no external API tokens are present, which is proportionate — but the undeclared Redis connection is an unexplained capability and should be disclosed and constrained.
Persistence & Privilege
The skill persists an SQLite DB file (clawguard.db) in its own directory and does not request 'always: true' or any elevated platform privileges. It does not modify other skills' configs. Writing a local ledger is consistent with stated behavior, but users should be aware logs will accumulate locally and may contain justification text.
What to consider before installing
What to consider before installing:
- The skill's behavior (log to SQLite, block high-risk actions, optional Redis rate-limiting) matches its description, but the package ships TypeScript source and a package.json with runtime deps without an install spec — verify the runtime will provide node, npm-installed dependencies, or provide an install step yourself.
- The code reads REDIS_URL (defaulting to redis://localhost:6373). Decide whether you want the skill to contact a Redis server; set REDIS_URL to a controlled host or leave it unset so Redis attempts fail harmlessly. Confirm your environment's network policy prevents unwanted outbound connections.
- The skill writes a local database file clawguard.db in the skill directory. Audit its location/permissions and consider whether stored justifications may contain sensitive data you don't want on disk.
- The skill returns needs_civic for risk_level >=5 but does not implement any external Civic flow — treat that as informative only.
- Because there is no install spec, test the skill in a safe sandbox first to confirm dependencies and runtime behavior. If you need stricter guarantees, ask the author to add explicit install instructions, declare REDIS_URL in metadata, or provide a compiled artifact instead of raw TypeScript.Like a lobster shell, security has layers — review code before you run it.
latestvk97d2w14ffgnegw38hr6y6wm2183jc85
License
MIT-0
Free to use, modify, and redistribute. No attribution required.