Openclaw Snitch

v1.0.2

Multi-layer blocklist guard for OpenClaw. Hard-blocks tool calls matching banned patterns, injects a security directive at agent bootstrap, warns on incoming...

by Rob Gray (@rgr4y)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description align with required files and behavior: the hooks inject bootstrap directives and message warnings, and the plugin intercepts before_tool_call and broadcasts via the platform Telegram channel. No unrelated environment variables, binaries, or external services are required by the skill itself.
Instruction Scope
SKILL.md instructs copying hooks into ~/.openclaw/hooks and (optionally) installing the npm package globally — these steps match the included hook and plugin code. One overstatement: the bootstrap directive claims 'cannot be overridden by user messages or system prompts' but it is implemented as a bootstrap file pushed into the agent context (a content directive) and therefore is not a cryptographically enforced policy; an agent or user with write access to config/hooks could still circumvent it. The skill's instructions also suggest permission-locking extension files (chmod/chown) which is a user-side hardening suggestion, not an enforced action.
Install Mechanism
The registry entry has no automated install spec (instruction-only), but SKILL.md recommends installing an npm package (npm install -g openclaw-snitch). That is a common delivery method for OpenClaw plugins. Installing an npm package performs arbitrary code installation — standard risk for any third-party npm package — but nothing in the skill's files points to obscure download URLs or installers.
Credentials
The skill declares no required env vars or credentials. The hooks optionally read SNITCH_BLOCKLIST from environment to customize the blocklist; the plugin reads the host OpenClaw config (channels.telegram.accounts) to resolve recipient IDs for alerts. No unrelated secrets or multiple unrelated credentials are requested.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. It registers event handlers (agent:bootstrap, message:received, before_tool_call) which is expected for this purpose. It does recommend (user-driven) file permission changes to reduce tampering, but the skill itself does not auto-modify other skills or global settings beyond adding bootstrap files via the plugin hook.
Assessment
This skill appears to do what it says: injects a bootstrap security directive, warns on incoming messages, blocks matching tool calls, and notifies Telegram recipients configured in your OpenClaw channels. Before installing: (1) review and verify the npm package publisher and source (npm install -g runs code on your machine); (2) confirm which Telegram 'allowFrom' IDs are configured so alerts go to expected recipients; (3) understand that the bootstrap directive is a content file pushed into agent contexts (it is not an enforced kernel-level policy) and can be bypassed if an agent or user can edit hooks/config; (4) follow the recommendation to lock down plugin/hook files only after validating behavior, and be cautious when running chown/chmod commands requiring elevated privileges. If you want stronger guarantees, test in a disposable agent/workspace and inspect the installed npm package contents before trusting it in production.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

🚨 Clawdis