ClawHub

ClawGuard Security Assistant

v1.0.7

ClawGuard security assistant for OpenClaw. Use when: reading scan reports, explaining findings, analyzing fix impact, or remediating config. 安全扫描、报告解析与配置修复.

0· 86·0 current·0 all-time
by@r0llcre
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (ClawGuard report parsing, explanation, impact analysis, remediation) matches the included assets: many reference docs and a small report-parsing script. The capability to read reports and inspect local OpenClaw config is proportional to the stated purpose.
Instruction Scope
SKILL.md clearly limits behavior: parse JSON reports, load specific reference files on demand, and follow explicit fix flows. It does instruct the agent to read local OpenClaw configuration, installed skills, and target config files when performing impact analysis or applying fixes — which is expected for a remediation assistant. It also mandates explicit user confirmation, backups, and validation before applying any change.
Install Mechanism
Instruction-only skill with no install spec; the only code file is a small local Python script (parse-report.py) that reads a JSON report. No remote downloads, package installs, or archive extracts are present.
Credentials
The skill declares no environment variables or credentials (none required). Runtime instructions do expect access to local files (report JSON, OpenClaw config, list of installed skills) to do impact analysis and to apply patches. This file access is proportional to the functionality, but it is sensitive: a user should be aware the agent will read local config files when asked.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges. It does include procedures for modifying local config files, but the SKILL.md enforces explicit user confirmation, backups, and rollback — reducing risk. Autonomous invocation is allowed by platform default, which is normal; this alone is not flagged.
Assessment
This skill appears to do what it says: read ClawGuard-exported reports, explain findings, analyze impact, and (with your permission) edit OpenClaw config files. Before installing or running it: (1) Verify the skill source you install matches the published repository/homepage (check the GitHub repo URL and release tags). (2) Be prepared to provide/report JSON files or grant the agent read access to local config when you request impact analysis. (3) When asked to apply fixes, confirm backups are created and review diffs before approving any change. (4) If you want extra caution, run the skill in a restricted environment (or sandboxed agent) first and inspect the parse-report.py script and reference docs locally. If you want, I can list the exact config paths the skill may read/modify during impact analysis so you can pre-approve or lock them down.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bkh9hfq6pn10a2xphdfa1zh843zmh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

Links

Homepagehttps://clawguardsecurity.ai
Repositoryhttps://github.com/R0llcre/clawguard-skill

Comments