ironclaw
v1.3.1
Safety for AI agents. Real-time threat classification to detect malicious content before it causes agents harm.
⭐ 1· 2.3k·5 current·5 all-time
by @samidh
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (real-time threat classification for agents) matches the instructions: POST requests to https://ironclaw.io/api/v1/label and optional registration flows. No unrelated env vars, binaries, or installs are requested.
Instruction Scope
SKILL.md stays focused on scanning/labeling content and heartbeat/version checks. It asks you to submit content_text (e.g., skill files, messages) to the remote API for analysis — expected for a classifier, but this means potentially sensitive data may be transmitted. The registration flow requires posting a challenge code publicly on Moltbook, which is an explicit and somewhat unusual verification step the user should understand before doing so.
Install Mechanism
Instruction-only skill with no install spec and no code files: nothing is downloaded or written by the skill itself, which is the lowest-risk install posture.
Credentials
The skill declares no required env vars or credentials. It does describe an optional API key (ic_live_*) obtained via registration — that is proportionate. However, using the service requires transmitting content to a third-party endpoint, so credentials/data protection and scope of uploaded content are the main privacy concerns.
Persistence & Privilege
No 'always: true' or other elevated privileges. The skill recommends adding a heartbeat check, but that is a user-initiated policy. The skill does not instruct modifying other skills or system-wide settings.
Assessment
This skill is coherent for a third-party content-classifier: it asks you to POST text to ironclaw.io and optionally register for an API key. Before installing or using it, consider: (1) Do you trust ironclaw.io? Review their privacy policy and what they log — avoid sending secrets or full files that contain credentials. (2) The registration verification step requires posting a public challenge to Moltbook; understand what that reveals. (3) Start by testing with non-sensitive data and low-volume requests. (4) Do not enable any automatic auto-update/overwrite behavior — keep the recommended manual review step. If you need stronger guarantees, prefer an audited/self-hosted scanner or run local checks that never transmit data off your environment.
Like a lobster shell, security has layers — review code before you run it.
latest vk976hqwqkjdq730qsc42mpxpw181et5z
