Agent Guard
Pass. Audited by ClawScan on May 17, 2026.
Overview
Agent Guard is a disclosed security plugin that auto-screens tool-call text with a local Python helper, with the main cautions being its broad hook and external helper dependency.
This skill appears benign and purpose-aligned for automatic prompt-injection screening. Before installing, make sure you trust the separately installed Python package, understand that the plugin runs on startup and inspects textual tool-call parameters, and remember that it fails open if the helper cannot run.
Publisher note
Bridges to a local Python helper (agent-guard-plugins) via subprocess for prompt-injection classification; no network calls; fails open.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
While installed, the plugin can prevent some tool calls from running, which may affect workflows if content is flagged.
The plugin hooks every tool call and can block calls based on the screening verdict. This is broad control over tool execution, but it matches the stated security purpose and is disclosed.
api.on("before_tool_call", (event) => { ... if (verdict?.block === true) { return { block: true, blockReason: ... }; } }, { priority: 90 })
Install it only if you want automatic tool-call screening, and keep the documented disable/kill-switch option available for troubleshooting.
The installed Python package runs under the user's local account and receives the screened text.
The Node plugin executes a local Python module once per screened tool call. This is expected for the documented bridge to the Python screening engine, but it is still local code execution.
const out = execFileSync(python, ["-m", "agent_guard_plugins.integrations.openclaw_bridge"], { input: request, encoding: "utf8", timeout: timeoutMs, env: { ...process.env } })
Verify the Python package source/version before installing, and avoid pointing AGENT_GUARD_PYTHON at an untrusted interpreter.
Security and privacy depend partly on the separately installed Python helper package.
The core screening engine is installed separately from PyPI and is not included in the npm artifact under review. The dependency is disclosed and purpose-aligned, but it is an external trust dependency.
pip install agent-guard-plugins
Install the helper from the expected publisher/source, consider pinning a known-good version, and review updates before upgrading.
If the Python helper or interpreter were untrusted, it could read environment variables available to OpenCLAW.
The Python screening subprocess inherits the full OpenCLAW process environment, which may include local configuration or secrets even though no credential use or transmission is shown in the included code.
env: { ...process.env }
Run this only with a trusted helper package and avoid exposing unnecessary secrets in the OpenCLAW environment.
