Agent Guardrails

v1.0.0

Stop AI agents from secretly bypassing your rules. Mechanical enforcement with git hooks, secret detection, deployment verification, and import registries. B...

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (mechanical enforcement via git hooks, secret detection, deployment checks) aligns with the included scripts and documentation. However, registry metadata in the provided manifest lists no required binaries/env, while the SKILL.md and packaging claim bash and git are required — a minor metadata mismatch. All provided files (install.sh, pre/post-create checks, check-secrets.sh, deployment checks, feedback-loop scripts) are coherent with the enforcement purpose.
!
Instruction Scope
SKILL.md instructs installing scripts and git hooks into the user's project (copying files to the project, adding .git/hooks entries, creating .deployment-check.sh and .pending-skill-updates.txt). That is expected for a tool that enforces repository rules, but it means the skill will read and modify the repository state (file system, .git), and install hooks that will run on every commit. The feedback loop/post-commit detection will scan commit diffs for enforcement improvements and create tasks; the auto-commit flow can commit skill updates with human confirmation. These behaviors are within the described purpose but constitute persistent modification of project repositories — you should review the scripts before running them. There are no obvious hidden network exfiltration endpoints in SKILL.md, but publish/push utilities in scripts could use your local credentials to publish/push.
Install Mechanism
This is an instruction-only skill with included shell scripts; nothing is downloaded from an unknown URL and nothing is installed from a package registry. All code is present in the bundle, and install is done by running the provided bash scripts. That's lower-risk than remote downloads, but because the scripts will be executed locally, they must be inspected. A provided helper, PUBLISH_NOW.sh, runs 'clawdhub' commands and opens a browser for login; running it would interact with external services, so use it only if you trust the repo and credentials.
Credentials
The skill declares no required environment variables in the registry metadata, which matches that it doesn't explicitly ask for tokens. SKILL.md and other docs do require git and bash which are normal. However, some scripts (publish/publish-now and auto-commit) will use local git credentials and the 'clawdhub' CLI if present — meaning the tool could push/publish using whatever repo/CLI credentials are available on the machine. No secrets are requested in the metadata, but the installed hooks scan for secrets and the feedback loop can create tasks referencing local commits. Confirm you want hooks that can trigger git operations using your environment's credentials.
!
Persistence & Privilege
The skill installs persistent git hooks and scripts into a project (modifies .git/hooks, copies scripts, and creates persistent files such as .pending-skill-updates.txt). It also includes a feedback loop that can facilitate committing updates to the skill repository (semi-automatic commit script) and a publish helper that invokes 'clawdhub publish'. While these actions are described and typically include a confirmation step, they give the code a persistent presence in projects and the ability to make commits/publish actions using the host's credentials. This persistent ability to modify and (potentially) publish should be reviewed before granting trust.
What to consider before installing
What to check before installing:

- Inspect the scripts locally before executing: open scripts/install.sh, scripts/pre-create-check.sh, scripts/post-create-validate.sh, scripts/install-skill-feedback-loop.sh, and scripts/create-deployment-check.sh and confirm they do only the filesystem/git operations you expect. Look for any network calls, curl/wget, or hidden commands.
- Back up your repository and commit state before installing hooks (git clone to a disposable test repo). Installing will copy hooks into .git/hooks and may block commits until checks pass.
- Pay special attention to the feedback loop and publish helpers: the post-commit detection creates tasks and the auto-commit/publish scripts can run git commit/push/clawdhub publish using local credentials. Do not run PUBLISH_NOW.sh or auto-publish scripts unless you trust the repo and have reviewed them.
- If you want to trial the tool safely: install into an isolated/test repository, run the scripts manually, and verify behavior (dry-run where possible) before deploying into production repos.
- Metadata mismatch: the SKILL.md indicates bash and git are required but registry metadata listed none. Treat this as a packaging oversight and ensure bash/git are available and that you understand the script effects.

If you are not comfortable reviewing shell scripts yourself, ask a colleague with ops/security experience to audit the scripts and confirm they won't push or publish artifacts unexpectedly.

Like a lobster shell, security has layers — review code before you run it.

latestvk97747e37g5kwn52z4gxndtmmx81bg0b
