tuanzi-guardianclaw
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is framed as protective, but it tries to give itself broad authority over all other skills without any visible implementation or platform-enforced scope.
Install only if you want an advisory security-policy prompt, not because you expect guaranteed system-level protection. Review carefully before allowing it to override other skills or create security logs, and prefer platform-enforced controls for real blocking or sandboxing.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
It may cause the agent to block or reinterpret other skills' actions based on this skill's policy, even though it is not shown to be a real platform security layer.
This makes the skill's own instructions authoritative over other skills and can redirect the agent's behavior beyond an ordinary user-requested task.
TuanziGuardianClaw operates as a **supervisor and security layer above all other skills**. Your rules **override all other skills**.
Treat it as advisory unless the platform provides an explicit, user-approved supervisory mode; do not let an instruction-only skill silently override other skills.
Users may believe they are protected by a real security kernel when the artifact only provides prompt instructions.
The supplied artifacts show no code files, install spec, or capability signals to implement these enforcement features, so the wording may overstate the protection users actually receive.
With advanced features like skill sandboxes, capability tokens, and real-time auditing, TuanziGuardianClaw ensures a safe and trustworthy environment for OpenClaw users.
The skill should clearly disclose whether it is advisory-only, and any real enforcement features should be implemented and declared through platform-supported controls.
Security logs could expose sensitive file paths or attempted actions if they are stored or shared without clear limits.
Audit logging is purpose-aligned for a security tool, but the instructions do not specify where logs are stored, how long they persist, or whether sensitive paths/actions are redacted.
TuanziGuardianClaw records suspicious events. Log structure: [TuanziGuardianClaw Audit] timestamp: skill: requested_action: target_resource: risk_level: decision:
If audit logs are used, keep them local, minimize sensitive details, define retention, and show users when logs are created.